Edit tour

Windows Analysis Report
https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Overview

General Information

Sample URL:	https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%
Analysis ID:	1573746
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish54

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

Detected hidden input values containing email addresses (often used in phishing pages)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2016,i,13754757252827383329,13541994432207100586,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t $$$ " MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.4.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.15.i.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.24.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.7.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.9.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
5.12.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.11.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 4 entries

Suricata Signatures

ETPRO PHISHING JS/PsyduckPockeball Payload Inbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T15:13:13.087553+0100	2857090	1	Successful Credential Theft Detected	68.183.219.51	443	192.168.2.5	49761	TCP

ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T15:13:58.519613+0100	2832180	1	Successful Credential Theft Detected	192.168.2.5	49904	68.183.219.51	443	TCP

ETPRO PHISHING Successful Microsoft Account Phish 2020-01-14

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T15:13:58.519613+0100	2840426	1	Successful Credential Theft Detected	192.168.2.5	49904	68.183.219.51	443	TCP

ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T15:13:58.519613+0100	2846045	1	Successful Credential Theft Detected	192.168.2.5	49904	68.183.219.51	443	TCP

ETPRO PHISHING Successful Office 365 Phish 2018-08-01

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T15:13:58.519613+0100	2832046	1	Successful Credential Theft Detected	192.168.2.5	49904	68.183.219.51	443	TCP

HTTP traffic detected: POST /?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1Host: jjfkfmnfrkrjjrrmmdk.gultiles.comConnection: keep-aliveContent-Length: 6422Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://jjfkfmnfrkrjjrrmmdk.gultiles.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9AAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 708date: Thu, 12 Dec 2024 14:13:07 GMTalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:13:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 7b99ef67-38f9-49a3-b370-8e0063119f00x-ms-ests-server: 2.1.19683.3 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:13:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 9e733207-2239-4f29-8d00-cbd75a1e3c00x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:13:37 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b98b8543-ebaa-486c-8e8e-a008952a2000x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:13:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 0676b333-1b13-4640-af85-691dc7888164x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 7217E65F77904435B9A457FAC87FC9C9 Ref B: AMS231032602021 Ref C: 2024-12-12T14:13:40Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:13:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: d7d5711b-ab15-41f3-8af0-1635c5c41c00x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:13:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 1642aa5b-a1c0-4847-baea-26b2fdd15000x-ms-ests-server: 2.1.19568.3 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:13:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 1890dcd3-5ef8-49f3-88be-5351a79d2100x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:14:01 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 4e631a06-b868-4310-a509-7fb7787a83ffx-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 5A23A067F8F749BC999B9BECDA4875DD Ref B: AMS231032602007 Ref C: 2024-12-12T14:14:00Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 12 Dec 2024 14:14:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 0660d4cc-d192-42e3-a9a9-7ed01a5a6700x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+dub2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: chromecache_87.2.dr

String found in binary or memory: https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: classification engine

Classification label: mal72.phis.win@18/50@28/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2016,i,13754757252827383329,13541994432207100586,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t $$$ "
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2016,i,13754757252827383329,13541994432207100586,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t$$$	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_b6632c4da67c72da7b92.js	0%	Avira URL Cloud	safe
https://jjfkfmnfrkrjjrrmmdk.gultiles.com/1ce9e9cd5cae40b2ad59b6166ec7828f/	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	0%	Avira URL Cloud	safe
https://l1ve.gultiles.com/Me.htm?v=3	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	0%	Avira URL Cloud	safe
https://111f1927-1ce9e9cd.gultiles.com/Prefetch/Prefetch.aspx	0%	Avira URL Cloud	safe
https://jjfkfmnfrkrjjrrmmdk.gultiles.com/favicon.ico	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Avira URL Cloud	safe
https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js	0%	Avira URL Cloud	safe
https://d396efbc-1ce9e9cd.gultiles.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1734012838138&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true	0%	Avira URL Cloud	safe
https://softilac.com.tr/favicon.ico	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js	0%	Avira URL Cloud	safe
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	0%	Avira URL Cloud	safe
https://e498f915-1ce9e9cd.gultiles.com/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.co.ve	172.217.19.195	true	false	high
d396efbc-1ce9e9cd.gultiles.com	68.183.219.51	true	true	unknown
e498f915-1ce9e9cd.gultiles.com	68.183.219.51	true	true	unknown
l1ve.gultiles.com	68.183.219.51	true	true	unknown
f9fbc1ea-1ce9e9cd.gultiles.com	68.183.219.51	true	true	unknown
www.google.com	172.217.19.228	true	false	high
jjfkfmnfrkrjjrrmmdk.gultiles.com	68.183.219.51	true	true	unknown
111f1927-1ce9e9cd.gultiles.com	68.183.219.51	true	true	unknown
softilac.com.tr	45.143.99.90	true	false	unknown
4ad2126b-1ce9e9cd.gultiles.com	68.183.219.51	true	true	unknown
www.google.co.ve	172.217.19.227	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js	true	Avira URL Cloud: safe	unknown
https://www.google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Fsoftilac.com.tr%2F7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		high
https://4ad2126b-1ce9e9cd.gultiles.com/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	true	Avira URL Cloud: safe	unknown
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif	true	Avira URL Cloud: safe	unknown
https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	true		unknown
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif	true	Avira URL Cloud: safe	unknown
https://www.google.co.ve/favicon.ico	false		high
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_b6632c4da67c72da7b92.js	true	Avira URL Cloud: safe	unknown
https://l1ve.gultiles.com/Me.htm?v=3	true	Avira URL Cloud: safe	unknown
https://jjfkfmnfrkrjjrrmmdk.gultiles.com/1ce9e9cd5cae40b2ad59b6166ec7828f/	true	Avira URL Cloud: safe	unknown
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	true	Avira URL Cloud: safe	unknown
https://111f1927-1ce9e9cd.gultiles.com/Prefetch/Prefetch.aspx	true	Avira URL Cloud: safe	unknown
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	true	Avira URL Cloud: safe	unknown
https://d396efbc-1ce9e9cd.gultiles.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1734012838138&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true	true	Avira URL Cloud: safe	unknown
https://www.google.co.ve/url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		high
https://jjfkfmnfrkrjjrrmmdk.gultiles.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2	true	Avira URL Cloud: safe	unknown
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	true	Avira URL Cloud: safe	unknown
https://4ad2126b-1ce9e9cd.gultiles.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js	true	Avira URL Cloud: safe	unknown
https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	true		unknown
https://e498f915-1ce9e9cd.gultiles.com/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js	true	Avira URL Cloud: safe	unknown
https://softilac.com.tr/favicon.ico	false	Avira URL Cloud: safe	unknown
https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	true		unknown
https://www.google.co.ve/amp/s/softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		high
https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		unknown
https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	false		high
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js	true	Avira URL Cloud: safe	unknown
https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%	chromecache_87.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.228	www.google.com	United States	15169	GOOGLEUS	false
172.217.19.227	www.google.co.ve	United States	15169	GOOGLEUS	false
68.183.219.51	d396efbc-1ce9e9cd.gultiles.com	United States	14061	DIGITALOCEAN-ASNUS	true
45.143.99.90	softilac.com.tr	Turkey	208485	EKSENBILISIMTR	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.19.195	google.co.ve	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573746
Start date and time:	2024-12-12 15:11:46 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@18/50@28/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 64.233.164.84, 172.217.17.78, 172.217.17.46, 2.22.50.144, 192.229.221.95, 172.217.17.35, 216.58.208.234, 142.250.181.138, 172.217.17.74, 142.250.181.10, 172.217.19.202, 172.217.17.42, 142.250.181.74, 172.217.19.234, 172.217.19.10, 172.217.19.170, 142.250.181.106, 23.218.208.109, 4.245.163.56, 13.107.246.63, 20.109.210.53
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t$$$

Input	Output
URL: https://google.co.ve Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://google.co.ve
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including redirecting the user to a potentially untrusted domain and modifying the URL with query parameters. While the intent is not entirely clear, the script's behavior raises concerns and requires further investigation." }
//<![CDATA[ !function(){var e=window,s=e.document,i=e.$Config\|\|{};if(true){s&&s.body&&(s.body.style.display="block")}else if(false){var o,t,r,f,n,d;if(i.fAddTryCatchForIFrameRedirects){try{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&",o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}catch(e){}}else{o=e.self.location.href,t=o.indexOf("#"),r=-1!==t,f=o.indexOf("?"),n=r?t:o.length,d=-1===f\|\|r&&f>t?"?":"&", o=o.substr(0,n)+d+"iframe-request-id="+i.sessionId+o.substr(n),e.top.location=o}}}(); //
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/lo... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the interaction with untrusted domains further increase the risk. Overall, this script demonstrates a high level of malicious intent and should be treated as a significant security threat." }
//<![CDATA[ $Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://l1ve.gultiles.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARs_IVer5mS7NN0V3xTXubRqFmMnPE5mWVglasYlQkbp3-BkfEFI-MkJtGUkoz8orxUh8zsxOL0ovzSApD0LSZB_6J0z5TwYrfUlNSixJLM_LxHzNjVXmAReMXCY8BsxcHBJcAgwaDA8IOFcREr0JUMT5LuHK0u8t6wrHLPQlM5hlOs-olu7q5O7kb52sZeZYWuxoFBqdlmxaXeBmHuBZHGuZEWvkYmaT5u2dqZhcW2RlaGE9iEJrAxnWJj-MDG1MHOMIud4QAn4y1uoNkJCSlPuqzTPdp3pnoFbXv48hE2wQ08jAd4GX7wHbm_f--na8feebzi1wkvy8pKNzc0rHT38XWr1PfJqtQ2iTKvCnRMz8nQj4qqcq3MLsgzcDRINDOx3SDA8ECAAQA1\u0026login_hint=dthorne%40ikasgroup.com\u0026estsfed=1\u0026uaid=eb124f3c94ac4c6382dd17b26e69c55a\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=https%3a%2f%2f119cfa01-1ce9e9cd.gultiles.com","urlMsaLogout":"https://l1ve.gultiles.com/logout.srf?iframed_by=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com","urlOtherIdpForget":"https://l1ve.gultiles.com/forgetme.srf?iframed_by=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com","showCantAccessAccountLink":true,"urlGitHubFed":"https://l1ve.gultiles.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARs_IVer5mS7NN0V3xTXubRqFmMnPE5mWVglasYlQkbp3-BkfEFI-MkJtGUkoz8orxUh8zsxOL0ovzSApD0LSZB_6J0z5TwYrfUlNSixJLM_LxHzNjVXmAReMXCY8BsxcHBJcAgwaDA8IOFcREr0JUMT5LuHK0u8t6wrHLPQlM5hlOs-olu7q5O7kb52sZeZYWuxoFBqdlmxaXeBmHuBZHGuZEWvkYmaT5u2dqZhcW2RlaGE9iEJrAxnWJj-MDG1MHOMIud4QAn4y1uoNkJCSlPuqzTPdp3pnoFbXv48hE2wQ08jAd4GX7wHbm_f--na8feebzi1wkvy8pKNzc0rHT38XWr1PfJqtQ2iTKvCnRMz8nQj4qqcq3MLsgzcDRINDOx3SDA8ECAAQA1\u0026login_hint=dthorne%40ikasgroup.com\u0026estsfed=1\u0026uaid=eb124f3c94ac4c6382dd17b26e69c55a\u0026fci=https%3a%2f%2f119cfa01-1ce9e9cd.gultiles.com\u0026idp_hint=github.gultiles.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Geor
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The provided JavaScript snippet contains a mix of behaviors that warrant further review. While it does not exhibit any clear high-risk indicators, such as dynamic code execution or data exfiltration, it does include some moderate-risk behaviors like external data transmission and the use of fallback domains. Additionally, the script appears to be heavily configured, which could indicate potential for abuse or misuse. Overall, the script requires closer inspection to determine the full extent of its functionality and potential risks." }
//<![CDATA[ $Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://e498f915-1ce9e9cd.gultiles.com/shared/1.0/","urlDefaultFavicon":"https://e498f915-1ce9e9cd.gultiles.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/login.srf?username=dthorne%40ikasgroup.com\u0026client-request-id=a2cb8a0b-7d2d-4c51-ab59-da69c916fb27\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://58961a0d-1ce9e9cd.gultiles.com/{0}/winauth/sso?client-request-id=a2cb8a0b-7d2d-4c51-ab59-da69c916fb27","iwaSsoProbeUrlFormat":"https://58961a0d-1ce9e9cd.gultiles.com/{0}/winauth/ssoprobe?client-request-id=a2cb8a0b-7d2d-4c51-ab59-da69c916fb27","iwaIFrameUrlFormat":"https://58961a0d-1ce9e9cd.gultiles.com/{0}/winauth/iframe?client-request-id=a2cb8a0b-7d2d-4c51-ab59-da69c916fb27\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://58961a0d-1ce9e9cd.gultiles.com/common/winauth/sso/edgeredirect?client-request-id=a2cb8a0b-7d2d-4c51-ab59-da69c916fb27\u0026origin=login.microsoftonline.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":2001,"hpgact":2101,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFeJW-BpjUI7wVkszJ273xACspLmWpsu3FWewlhvKomDJ8VlEXKI9zCr__0UnybUwCcaObJjp9WIGbe8bYsIRGqSULQkC8kwrRDOJUPepu2YxNEBjqdzTBBWz3mLJNUt9QyNcOSRRUk9pUmx4LLD12dZBsZNgTvDTaEpZ4qqb9siWJ4BHoX8hNW1sswi2PldybqHu42vcakRv2qEuhkZNpKMyAA","canary":"aFGEBG2o+3JvqE3QRek6suK0VGpY3mY8M24fLFk+iqs=6:1:CANARY:YfnpQJ1IgW3ufHcHAc9vy2huZ+gs64xRnLVhY9fA9pI=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"a2cb8a0b-7d2d-4c51-ab59-da69c916fb27","sessionId":"93ec48de-3bd3-4d6b-b15c-fdda86953a00","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/instrumentation/reportpageload","dssostatus":"https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1,"_D0":1,"Full":1,"Win81":1,"RE_WebKit":1,"b":{"name":"Chrome","major":117,"minor":0},"os":{"name":"Windows","version":"10.0"},"V":"117.0"},"watson":{"url":"/common/handlers/watson","bundle":"https://e498f915-1ce9e9cd.gultiles.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js","sbundle":"https://e498f915-1ce9e9cd.gultiles.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js","fbundle":"https://e498f915-1ce9e9cd.gultiles.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the presence of multiple fallback domains further increase the risk. While some contextual factors, such as the use of a trusted Microsoft login domain, may suggest legitimate functionality, the overall behavior of the script is highly suspicious and indicative of potential malicious intent." }
//<![CDATA[ $Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://l1ve.gultiles.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARs_IVer5mS7NN0V3xTXubRqFmMnPE5mWVglasYlQkbp3-BkfEFI-MkJtGUkoz8orxUh8zsxOL0ovzSApD0LSZB_6J0z5TwYrfUlNSixJLM_LxHzNjVXmAReMXCY8BsxcHBJcAgwaDA8IOFcREr0JUMT5LuHK0u8t6wrHLPQlM5hlOs-olu7q5O7kb52sZeZYWuxoFBqdlmxaXeBmHuBZHGuZEWvkYmaT5u2dqZhcW2RlaGE9iEJrAxnWJj-MDG2MHOMIud4QAn4wYexgO8DD_4jtzfv_fTtWPvPF7x61T5m2qHBfqFGZknGfo4Z_v4J1tku1SlmZVVRATlR7j4ewSF-pbmRnq7-kbabhBgeCDAAAA1\u0026login_hint=dthorne%40ikasgroup.com\u0026estsfed=1\u0026uaid=eb124f3c94ac4c6382dd17b26e69c55a\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=https%3a%2f%2f119cfa01-1ce9e9cd.gultiles.com","urlMsaLogout":"https://l1ve.gultiles.com/logout.srf?iframed_by=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com","urlOtherIdpForget":"https://l1ve.gultiles.com/forgetme.srf?iframed_by=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com","showCantAccessAccountLink":true,"urlGitHubFed":"https://l1ve.gultiles.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access\u0026response_type=code\u0026client_id=51483342-085c-4d86-bf88-cf50c7252078\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2fjjfkfmnfrkrjjrrmmdk.gultiles.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARs_IVer5mS7NN0V3xTXubRqFmMnPE5mWVglasYlQkbp3-BkfEFI-MkJtGUkoz8orxUh8zsxOL0ovzSApD0LSZB_6J0z5TwYrfUlNSixJLM_LxHzNjVXmAReMXCY8BsxcHBJcAgwaDA8IOFcREr0JUMT5LuHK0u8t6wrHLPQlM5hlOs-olu7q5O7kb52sZeZYWuxoFBqdlmxaXeBmHuBZHGuZEWvkYmaT5u2dqZhcW2RlaGE9iEJrAxnWJj-MDG2MHOMIud4QAn4wYexgO8DD_4jtzfv_fTtWPvPF7x61T5m2qHBfqFGZknGfo4Z_v4J1tku1SlmZVVRATlR7j4ewSF-pbmRnq7-kbabhBgeCDAAAA1\u0026login_hint=dthorne%40ikasgroup.com\u0026estsfed=1\u0026uaid=eb124f3c94ac4c6382dd17b26e69c55a\u0026fci=https%3a%2f%2f119cfa01-1ce9e9cd.gultiles.com\u0026idp_hint=github.gultiles.com","arrExternalTrustedRealmFederatedIdps":[],"fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~land Islands~358!!!AL~Albania~355!!!DZ~Algeria~213!!!AS~American Samoa~1!!!AD~Andorra~376!!!AO~Angola~244!!!AI~Anguilla~1!!!AG~Antigua and Barbuda~1!!!AR~Argentina~54!!!AM~Armenia~374!!!AW~Aruba~297!!!AC~Ascension Island~247!!!AU~Australia~61!!!AT~Austria~43!!!AZ~Azerbaijan~994!!!BS~Bahamas~1!!!BH~Bahrain~973!!!BD~Bangladesh~880!!!BB~Barbados~1!!!BY~Belarus~375!!!BE~Belgium~32!!!BZ~Belize~501!!!BJ~Benin~229!!!BM~Bermuda~1!!!BT~Bhutan~975!!!BO~Bolivia~591!!!BQ~Bonaire~599!!!BA~Bosnia and Herzegovina~387!!!BW~Botswana~267!!!BR~Brazil~55!!!IO~British Indian Ocean Territory~246!!!VG~British Virgin Islands~1!!!BN~Brunei~673!!!BG~Bulgaria~359!!!BF~Burkina Faso~226!!!BI~Burundi~257!!!CV~Cabo Verde~238!!!KH~Cambodia~855!!!CM~Cameroon~237!!!CA~Canada~1!!!KY~Cayman Islands~1!!!CF~Central African Republic~236!!!TD~Chad~235!!!CL~Chile~56!!!CN~China~86!!!CX~Christmas Island~61!!!CC~Cocos (Keeling) Islands~61!!!CO~Colombia~57!!!KM~Comoros~269!!!CG~Congo~242!!!CD~Congo (DRC)~243!!!CK~Cook Islands~682!!!CR~Costa Rica~506!!!CI~Cte d\u0027Ivoire~225!!!HR~Croatia~385!!!CU~Cuba~53!!!CW~Curaao~599!!!CY~Cyprus~357!!!CZ~Czechia~420!!!DK~Denmark~45!!!DJ~Djibouti~253!!!DM~Dominica~1!!!DO~Dominican Republic~1!!!EC~Ecuador~593!!!EG~Egypt~20!!!SV~El Salvador~503!!!GQ~Equatorial Guinea~240!!!ER~Eritrea~291!!!EE~Estonia~372!!!ET~Ethiopia~251!!!FK~Falkland Islands~500!!!FO~Faroe Islands~298!!!FJ~Fiji~679!!!FI~Finland~358!!!FR~France~33!!!GF~French Guiana~594!!!PF~French Polynesia~689!!!GA~Gabon~241!!!GM~Gambia~220!!!GE~Georgia~995!!!DE~Germany~49!!!GH~Ghana~233!!!GI~Gibraltar~350!!!GR~G
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a part of a web page loading and debugging utility. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily focused on handling document ready and load events, as well as providing a simple logging mechanism through the `$Debug` object. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script seems to be a benign utility with no clear signs of malicious intent." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){ for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener\|\|"load"===e.type\|\|"complete"===r.readyState)&&t()}function i(){ r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){ return f.$Config\|\|f.ServerData\|\|{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")\|\|-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){ var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader\|\|{}).slReportFailure\|\|r.slReportFailure\|\|!1}function a(){return(e().loader\|\|{}).redirectToErrorPageOnLoadFailure\|\|!1}function s(){return(e().loader\|\|{}).logByThrowing\|\|!1}function u(e){if(!t()&&!n()){return!1}var r=e.src\|\|e.href\|\|"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0} if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){ var r=g.createElement("script"),t=g.querySelector("
URL: https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is benign and focused on providing a consistent Promise implementation across different browsers. There are no clear indicators of malicious intent or data exfiltration, so the risk score is relatively low." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.gultiles.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)i=o[s],Object.prototype.hasOwnProperty.call(a,i)&&a[i]&&c.push(a[i][0]),a[i]=0;for(t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t]);for(d&&d(n);c.length;)c.shift()()}var t,i={},a={24:0};function o(n){if(i[n])return i[n].exports;var t=i[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}Function.prototype.bind\|\|(t=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var n=t.call(arguments,1),i=n.length,a=this,o=function(){},r=function(){return n.length=i,n.push.apply(n,arguments),a.apply(o.prototype.isPrototypeOf(this)?this:e,n)};return this.prototype&&(o.prototype=this.prototype),r.prototype=new o,r}),document.head=document.head\|\|document.getElementsByTagName("head")[0],function(){function e(n){var t=this,i=0,a=null,o=[];function r(){if(o.length>0){var e=o.slice();o=[],setTimeout((function(){for(var n=0,t=e.length;n<t;++n)e[n]()}),0)}}function s(e){0===i&&(a=e,i=1,r())}function c(e){0===i&&(a=e,i=2,r())}t.then=function(n,t){return new e((function(s,c){!function(n,t,s,c){o.push((function(){var o;try{o=1===i?"function"==typeof n?n(a):a:"function"==typeof t?t(a):a}catch(r){return void c(r)}o instanceof e?o.then(s,c):2===i&&"function"!=typeof t?c(o):s(o)})),0!==i&&r()}(n,t,s,c)}))},t["catch"]=function(e){return t.then(null,e)},function(){if("function"!=typeof n)throw new TypeError("Promise: argument is not a Function object");try{n(s,c)}catch(e){c(e)}}()}function n(e,n,t,i,a){return function(o){e[n]=i?o:a?{status:"fulfilled",value:o}:{status:"rejected",reason:o},t()}}function t(t,i){return t&&t.length?new e((function(a,o){for(var r=[],s=0,c=0,d=t.length;c<d;++c){var l=t[c];if(l instanceof e){s++;var u=function(){0==--s&&a(r)};i?l.then(n(r,c,u,i),o):l.then(n(r,c,u,i,!0),n(r,c,u,i,!1))}else r[c]=l}0===s&&setTimeout((function(){a(r)}),0)})):e.resolve([])}function i(e,n){return function(){e(n)}}e.all=function(e){return t(e,!0)},e.allSettled=function(e){return t(e,!1)},e.race=function(n){return new e((function(t,a){if(n&&n.length)for(var o=0,r=n.length;o<r;++o){var s=n[o];s instanceof e?s.then(t,a):setTimeout(i(t,s),0)}}))},e.reject=function(n){return new e((function(e,t){t(n)}))},e.resolve=function(n){return n instanceof e?n:n&&"function"==typeof n.then?new e((function(e,t){n.then(e,t)})):new e((function(e){e(n)}))},window.Promise\|\|(window.Promise=e),window.Promise.all\|\|(window.Promise.all=e.all),window.Promise.allSettled\|\|(window.Promise.allSettled=e.allSettled),window.Promise.race\|\|(window.Promise.race=e.race),window.Promise.reject\|\|(window.Promise.reject=e.reject),window.Promise.resolve\|\|(window.Promise.resolve=e.resolve)}(),o.e=function(e){var n=[],t=a[e];if(0!==t)if(t)n.push(t[2]);else{var i=new Promise((function(n,i){t=a[e]=[n,i]}));n.push(t[2]=i);var r=window.ServerData,s=r&&r.loader&&r.loader.cdnRoots\|\|[],c=r&&r.slMaxRetry?r.slMaxRetry:s.length-1,d=new Error;var l=function u
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "This JavaScript snippet exhibits several behaviors that raise moderate security concerns: 1. It uses the `Function` constructor, which can be used for dynamic code execution (3 points). 2. It sends data to external domains via `XHR` and `fetch` calls, which could potentially include sensitive information (2 points). 3. The code is heavily obfuscated, making it difficult to analyze and understand the true intent (3 points). While the code does not appear to have a clear malicious purpose, the combination of dynamic code execution, data transmission, and obfuscation warrants further investigation. The final risk score of 6 indicates that this script requires closer scrutiny and should be handled with caution." }
!function(){"use strict";var t=function(r,e){return t=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,r){t.__proto__=r}\|\|function(t,r){for(var e in r)Object.prototype.hasOwnProperty.call(r,e)&&(t[e]=r[e])},t(r,e)};function r(r,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function n(){this.constructor=r}t(r,e),r.prototype=null===e?Object.create(e):(n.prototype=e.prototype,new n)}function e(t,r,e,n){return new(e\|\|(e=Promise))((function(o,i){function u(t){try{s(n.next(t))}catch(t){i(t)}}function c(t){try{s(n.throw(t))}catch(t){i(t)}}function s(t){var r;t.done?o(t.value):(r=t.value,r instanceof e?r:new e((function(t){t(r)}))).then(u,c)}s((n=n.apply(t,r\|\|[])).next())}))}function n(t,r){var e,n,o,i,u={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(c){return function(s){return function(c){if(e)throw new TypeError("Generator is already executing.");for(;i&&(i=0,c[0]&&(u=0)),u;)try{if(e=1,n&&(o=2&c[0]?n.return:c[0]?n.throw\|\|((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,c[1])).done)return o;switch(n=0,o&&(c=[2&c[0],o.value]),c[0]){case 0:case 1:o=c;break;case 4:return u.label++,{value:c[1],done:!1};case 5:u.label++,n=c[1],c=[0];continue;case 7:c=u.ops.pop(),u.trys.pop();continue;default:if(!(o=u.trys,(o=o.length>0&&o[o.length-1])\|\|6!==c[0]&&2!==c[0])){u=0;continue}if(3===c[0]&&(!o\|\|c[1]>o[0]&&c[1]<o[3])){u.label=c[1];break}if(6===c[0]&&u.label<o[1]){u.label=o[1],o=c;break}if(o&&u.label<o[2]){u.label=o[2],u.ops.push(c);break}o[2]&&u.ops.pop(),u.trys.pop();continue}c=r.call(t,u)}catch(t){c=[6,t],n=0}finally{e=o=0}if(5&c[0])throw c[1];return{value:c[0]?c[1]:void 0,done:!0}}([c,s])}}}Object.create;function o(t){var r="function"==typeof Symbol&&Symbol.iterator,e=r&&t[r],n=0;if(e)return e.call(t);if(t&&"number"==typeof t.length)return{next:function(){return t&&n>=t.length&&(t=void 0),{value:t&&t[n++],done:!t}}};throw new TypeError(r?"Object is not iterable.":"Symbol.iterator is not defined.")}function i(t,r){var e="function"==typeof Symbol&&t[Symbol.iterator];if(!e)return t;var n,o,i=e.call(t),u=[];try{for(;(void 0===r\|\|r-- >0)&&!(n=i.next()).done;)u.push(n.value)}catch(t){o={error:t}}finally{try{n&&!n.done&&(e=i.return)&&e.call(i)}finally{if(o)throw o.error}}return u}function u(t,r,e){if(e\|\|2===arguments.length)for(var n,o=0,i=r.length;o<i;o++)!n&&o in r\|\|(n\|\|(n=Array.prototype.slice.call(r,0,o)),n[o]=r[o]);return t.concat(n\|\|Array.prototype.slice.call(r))}function c(t){return this instanceof c?(this.v=t,this):new c(t)}function s(t,r,e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var n,o=e.apply(t,r\|\|[]),i=[];return n={},u("next"),u("throw"),u("return",(function(t){return function(r){return Promise.resolve(r).then(t,l)}})),n[Symbol.asyncIterator]=function(){return this},n;function u(t,r){o[t]&&(n[t]=function(r){return new Promise((function(e,n){i.push([t,r,e,n])>1\|\|s(t,r)}))},r&&(n[t]=r(n[t])))}function s(t,r){try{(e=o[t](r)).value instanceof c?Promise.resolve(e.value.v).then(a,l):f(i[0][2],e)}catch(t){f(i[0][3],t)}var e}function a(t){s("next",t)}function l(t){s("throw",t)}function f(t,r){t(r),i.shift(),i.length&&s(i[0][0],i[0][1])}}function a(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var r,e=t[Symbol.asyncIterator];return e?e.call(t):(t=o(t),r={},n("next"),n("throw"),n("return"),r[Symbol.asyncIterator]=function(){return this},r);function n(e){r[e]=t[e]&&function(r){return new Promise((function(n,o){(function(t,r,e,n){Promise.resolve(n).then((function(r){t({value:r,done:e})}),r)})(n,o,(r=t[e](r)).done,r.value)}))}}}Object.create;"function"==typeof SuppressedError&&SuppressedError;function l(t){return"function"==typeof t}var f,h=((f=function(t){return function(r){t(this),this.message=r?r.length+" errors oc
URL: https://e498f915-1ce9e9cd.gultiles.com/shared/1.0/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. However, it also includes some behaviors that warrant further review, such as the use of dynamic code execution (via `setTimeout`) and potential data exfiltration (sending data to external domains). Additionally, the script is obfuscated, which increases the risk. Overall, the script exhibits a mix of low-risk and moderate-risk indicators, resulting in a medium risk score." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.gultiles.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind\|\|(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head\|\|document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise\|\|(window.Promise=e),window.Promise.all\|\|(window.Promise.all=e.all),window.Promise.allSettled\|\|(window.Promise.allSettled=e.allSettled),window.Promise.race\|\|(window.Promise.race=e.race),window.Promise.reject\|\|(window.Promise.reject=e.reject),window.Promise.resolve\|\|(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots\|\|[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(
URL: https://www.google.co.ve/url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "The previous page is sending you to https://softliac.com/tr/7oya/jiencuo2ndtn/l/ZHRob3JuUZBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A. If you do not want to visit that page, you can return to the previous page.", "prominent_button_name": "return to the previous page", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://www.google.co.ve/url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob... Model: Joe Sandbox AI	```json { "risk_score": 2, "reasoning": "The script contains legacy practices such as using outdated event handling methods like `attachEvent` and `detachEvent`, which are considered low-risk indicators. There is no evidence of dynamic code execution, data exfiltration, or interaction with suspicious domains. The script appears to be focused on DOM event handling and logging, with no clear malicious intent." }
//<![CDATA[ !function(){var e=window,r=e.$Debug=e.$Debug\|\|{},t=e.$Config\|\|{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog\|\|25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs\|\|[],u=n.$WebWatson;try{ var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r\|\|this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do\|\|(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)\|\|o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n\|\|(a=n, u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){ for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener\|\|"load"===e.type\|\|"complete"===r.readyState)&&t()}function i(){ r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){ return f.$Config\|\|f.ServerData\|\|{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src\|\|r.href\|\|"")+"'",e+=", id:"+(r.id\|\|""),e+=", async:"+(r.async\|\|""),e+=", defer:"+(r.defer\|\|"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")\|\|-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){ var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader\|\|{}).slReportFailure\|\|r.slReportFailure\|\|!1}function a(){return(e().loader\|\|{}).redirectToErrorPageOnLoadFailure\|\|!1}function s(){return(e().loader\|\|{}).logByThrowing\|\|!1}function u(e){if(!t()&&!n()){return!1}var r=e.src\|\|e.href\|\|"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0} if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){ var r=g.createElement("script"),t=g.querySelector("s
URL: https://4ad2126b-1ce9e9cd.gultiles.com/shared/1.0/... Model: Joe Sandbox AI	```json { "risk_score": 2, "reasoning": "The script uses moderate-risk indicators such as external data transmission via XHR and fetch, but it interacts with trusted domains and appears to be part of a legitimate application, likely for loading custom strings and CSS. No high-risk behaviors like dynamic code execution or data exfiltration are present." }
/! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. * * json2.js (2016-05-01) * https://github.gultiles.com/douglascrockford/JSON-js * License: Public Domain * * Provided for Informational Purposes Only * * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */ (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[8],Array(539).concat([function(t,e,r){var n=r(2),o=r(22),i=r(0),s=r(5),u=r(1018),a=r(3).Array,c=i.StringCustomizationPageId;t.exports=function(t){var e=this,r=t.serverData,f=t.pageId;function l(t){return function(t){var e=0,n=r.slMaxRetry\|\|0;if(!t)return s.reject();return new s((function(r,s){var u={targetUrl:t,contentType:i.ContentType.Json,requestType:o.RequestType.Get,timeout:3e4,successCallback:function(t,e){r(e)},failureCallback:function(t){e<n?(e+=1,new o.Handler(u).sendRequest()):s(t)}};new o.Handler(u).sendRequest()}))}(t).then((function(t){return JSON.parse(t)}),(function(){e.strings.isLoadFailure(!0)}))}e.customCssLoader=new u,e.strings=n.observable({}),e.strings.isLoadComplete=n.observable(!1),e.strings.isLoadFailure=n.observable(!1),e.isLoadComplete=n.observable(!1),e.isLoadFailure=n.observable(!1),e.initialize=function(){},e.load=function(t){var r,n=[],o=[];return t.customStringsFiles&&function(t,r){var n=[];switch(f){case c.ConditionalAccess:t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.AttributeCollection:t.attributeCollection&&n.push(t.attributeCollection);break;case c.ProofUpPage:t.authenticatorNudgeScreen&&n.push(t.authenticatorNudgeScreen),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.ErrorPage:t.adminConsent&&n.push(t.adminConsent),t.conditionalAccess&&n.push(t.conditionalAccess);break;case c.LoginPage:t.attributeCollection&&n.push(t.attributeCollection);break;case c.MessagePage:}var o=n.length;if(o)for(var i=0;i<o;i++)r.push(l(n[i]));else e.strings.isLoadComplete(!0)}(t.customStringsFiles,o),t.customCss&&n.push((r=t.customCss,e.customCssLoader.loadAsync(r))),s.allSettled(o).then((function(t){var r=[];a.forEach(t,(function(t){t&&"fulfilled"===t.status&&t.value&&(r=r.concat(t.value))})),e.strings(r),e.strings.isLoadComplete(!0)})),s.allSettled(n.concat(o)).then((function(){e.isLoadComplete(!0)})),s.all(n)["catch"]((function(t){throw e.isLoadFailure(!0),t}))}}},,,function(t,e,r){"use strict";var n=r(545),o=r(570).f,i=r(571),s=r(561),u=r(742),a=r(635),c=r(637);t.exports=function(t,e){var r,f,l,h,p,d=t.target,y=t.global,v=t.stat;if(r=y?n:v?n[d]\|\|u(d,{}):n[d]&&n[d].prototype)for(f in e){if(h=e[f],l=t.dontCallGetSet?(p=o(r,f))&&p.value:r[f],!c(y?f:d+(v?".":"#")+f,t.forced)&&l!==undefined){if(typeof h==typeof l)continue;a(h,l)}(t.sham\|\|l&&l.sham)&&i(h,"sham",!0),s(r,f,h,t)}}},function(t,e,r){"use strict";t.exports=function(t){try{return!!t()}catch(e){return!0}}},function(t,e,r){"use strict";var n=r(633),o=Function.prototype,i=o.call,s=n&&o.bind.bind(i,i);t.exports=n?s:function(t){return function(){return i.apply(t,arguments)}}},function(t,e,r){"use strict";(function(e){var r=function(t){return t&&t.Math===Math&&t};t.exports=r("object"==typeof globalThis&&globalThis)\|\|r("object"==typeof window&&window)\|\|r("object"==typeof self&&self)\|\|r("object"==typeof e&&e)\|\|r("object"==typeof this&&this)\|\|function(){return this}()\|\|Function("return this")()}).call(this,r(40))},function(t,e,r){"use strict";var n=r(543);t.exports=!n((fu
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Press confirm button to continue", "prominent_button_name": "CONFIRM", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Press confirm button to continue", "prominent_button_name": "CONFIRM", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Enter password", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Enter password", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Enter password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The provided URL 'jjfkfmnfrkrjjrrmmdk.gultiles.com' does not match the legitimate domain for Microsoft.", "The URL contains a random string 'jjfkfmnfrkrjjrrmmdk' which is suspicious and not related to Microsoft.", "The domain 'gultiles.com' is not associated with Microsoft and appears unrelated.", "Presence of a password input field on a non-legitimate domain is a common phishing tactic." ], "riskscore": 9} Google indexed: False
URL: jjfkfmnfrkrjjrrmmdk.gultiles.com Brands: Microsoft Input Fields: Password
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your account or password is incorrect. If you don't remember your password, reset it now.", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Enter password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'jjfkfmnfrkrjjrrmmdk.gultiles.com' does not match the legitimate domain for Microsoft.", "The domain 'gultiles.com' is not associated with Microsoft and appears suspicious.", "The subdomain 'jjfkfmnfrkrjjrrmmdk' is nonsensical and could be an attempt to obfuscate the true nature of the site.", "The presence of an input field for 'Enter password' is a common tactic used in phishing sites to capture sensitive information." ], "riskscore": 9} Google indexed: False
URL: jjfkfmnfrkrjjrrmmdk.gultiles.com Brands: Microsoft Input Fields: Enter password
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'jjfkfmnfrkrjjrrmmdk.gultiles.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'gultiles.com' is not associated with Microsoft.", "The URL contains a random string 'jjfkfmnfrkrjjrrmmdk' which is suspicious and not related to Microsoft.", "The presence of an input field asking for a password on a non-legitimate domain is a common phishing tactic." ], "riskscore": 9} Google indexed: False
URL: jjfkfmnfrkrjjrrmmdk.gultiles.com Brands: Microsoft Input Fields: Enter password

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 13:12:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9791710324508
Encrypted:	false
SSDEEP:	48:8ywdqTWyWHTidAKZdA19ehwiZUklqehHy+3:8ytzCoy
MD5:	C9CBEA8F4E4759553D3171C980264BA0
SHA1:	17692A00E88157F16F802BE33415B363BBC7E0D1
SHA-256:	86F6736E1F516FBFBF91DD658A6055946A07355FF1580F8E3DEDF75C11935863
SHA-512:	DB61DD8E8F0D9F23A56CC31B65876B6039B85C1E71C8EFC516E667300C1CCD6F783864AC9EB77B6099495824B2FFC683366F4BC8A269ED025F4766A59A4A9AD6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....i..L..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.q....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.q...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The provided URL 'jjfkfmnfrkrjjrrmmdk.gultiles.com' does not match the legitimate domain for Microsoft., The URL contains a random string 'jjfkfmnfrkrjjrrmmdk' which is suspicious and not related to Microsoft., The domain 'gultiles.com' is not associated with Microsoft and appears unrelated., Presence of a password input field on a non-legitimate domain is a common phishing tactic. DOM: 4.10.pages.csv
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'jjfkfmnfrkrjjrrmmdk.gultiles.com' does not match the legitimate domain for Microsoft., The domain 'gultiles.com' is not associated with Microsoft and appears suspicious., The subdomain 'jjfkfmnfrkrjjrrmmdk' is nonsensical and could be an attempt to obfuscate the true nature of the site., The presence of an input field for 'Enter password' is a common tactic used in phishing sites to capture sensitive information. DOM: 4.11.pages.csv
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'jjfkfmnfrkrjjrrmmdk.gultiles.com' does not match the legitimate domain 'microsoft.com'., The domain 'gultiles.com' is not associated with Microsoft., The URL contains a random string 'jjfkfmnfrkrjjrrmmdk' which is suspicious and not related to Microsoft., The presence of an input field asking for a password on a non-legitimate domain is a common phishing tactic. DOM: 5.12.pages.csv

Source: Yara match	File source: 0.4.id.script.csv, type: HTML
Source: Yara match	File source: 0.15.i.script.csv, type: HTML
Source: Yara match	File source: 0.24.id.script.csv, type: HTML
Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 4.6.pages.csv, type: HTML
Source: Yara match	File source: 4.7.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 5.12.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML

Source: 0.24.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/lo... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the interaction with untrusted domains further increase the risk. Overall, this script demonstrates a high level of malicious intent and should be treated as a significant security threat.
Source: 0.10.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the presence of multiple fallback domains further increase the risk. While some contextual factors, such as the use of a trusted Microsoft login domain, may suggest legitimate functionality, the overall behavior of the script is highly suspicious and indicative of potential malicious intent.

Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: Iframe src: https://111f1927-1ce9e9cd.gultiles.com/Prefetch/Prefetch.aspx
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: Iframe src: https://111f1927-1ce9e9cd.gultiles.com/Prefetch/Prefetch.aspx
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: Iframe src: https://111f1927-1ce9e9cd.gultiles.com/Prefetch/Prefetch.aspx
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	HTTP Parser: Iframe src: https://111f1927-1ce9e9cd.gultiles.com/Prefetch/Prefetch.aspx

Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: <input type="password" .../> found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	HTTP Parser: <input type="password" .../> found

Source: https://www.google.co.ve/url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No favicon
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	HTTP Parser: No favicon

Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	HTTP Parser: No <meta name="author".. found

Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/common/login	HTTP Parser: No <meta name="copyright".. found

Source: Network traffic	Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 68.183.219.51:443 -> 192.168.2.5:49761
Source: Network traffic	Suricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.5:49904 -> 68.183.219.51:443
Source: Network traffic	Suricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.5:49904 -> 68.183.219.51:443
Source: Network traffic	Suricata IDS: 2840426 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-01-14 : 192.168.2.5:49904 -> 68.183.219.51:443
Source: Network traffic	Suricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.5:49904 -> 68.183.219.51:443

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: google.co.ve
Source: global traffic	DNS traffic detected: DNS query: www.google.co.ve
Source: global traffic	DNS traffic detected: DNS query: softilac.com.tr
Source: global traffic	DNS traffic detected: DNS query: jjfkfmnfrkrjjrrmmdk.gultiles.com
Source: global traffic	DNS traffic detected: DNS query: e498f915-1ce9e9cd.gultiles.com
Source: global traffic	DNS traffic detected: DNS query: f9fbc1ea-1ce9e9cd.gultiles.com
Source: global traffic	DNS traffic detected: DNS query: 4ad2126b-1ce9e9cd.gultiles.com
Source: global traffic	DNS traffic detected: DNS query: l1ve.gultiles.com
Source: global traffic	DNS traffic detected: DNS query: 111f1927-1ce9e9cd.gultiles.com
Source: global traffic	DNS traffic detected: DNS query: d396efbc-1ce9e9cd.gultiles.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 12, 2024 15:12:38.966799021 CET	53	62226	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:38.973776102 CET	53	57903	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:41.666243076 CET	53	62081	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:43.167212009 CET	57623	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:43.167454958 CET	49507	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:43.304282904 CET	53	57623	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:43.307393074 CET	53	49507	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:44.815700054 CET	65403	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:44.815879107 CET	54720	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:45.028109074 CET	53	54720	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:45.044816971 CET	53	65403	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:47.575115919 CET	50125	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:47.575248957 CET	60542	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:47.712762117 CET	53	50125	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:47.812148094 CET	53	60542	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:58.485970020 CET	64961	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:58.486260891 CET	57945	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:12:58.623646021 CET	53	64961	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:58.624378920 CET	53	57945	1.1.1.1	192.168.2.5
Dec 12, 2024 15:12:58.727967024 CET	53	53858	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:06.863955021 CET	57004	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:06.864577055 CET	49762	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:07.715065002 CET	53	57004	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:07.715341091 CET	53	49762	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:09.896529913 CET	64944	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:09.896837950 CET	58224	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:10.311686993 CET	53	58224	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:10.312655926 CET	53	64944	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:17.602632999 CET	53	56754	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:24.721708059 CET	58387	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:24.721709013 CET	63848	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:24.958085060 CET	53	63848	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:24.983251095 CET	53	58387	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:28.066334009 CET	54934	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:28.066607952 CET	56315	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:28.204900026 CET	53	56315	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:28.204943895 CET	53	54934	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:30.705463886 CET	49210	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:30.705786943 CET	49335	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:30.923301935 CET	53	49335	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:30.939621925 CET	53	49210	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:31.046194077 CET	64353	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:31.046312094 CET	51044	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:31.256277084 CET	49515	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:31.256548882 CET	62728	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:31.275157928 CET	53	64353	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:31.279009104 CET	53	51044	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:31.480966091 CET	53	49515	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:31.483935118 CET	53	62728	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:33.972667933 CET	58311	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:33.972667933 CET	57016	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:34.111680031 CET	53	57016	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:34.112660885 CET	53	58311	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:38.068393946 CET	64243	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:38.068578005 CET	58650	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:38.425642014 CET	53	64243	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:38.425684929 CET	53	58650	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:38.478617907 CET	53	65381	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:40.773180008 CET	53	50585	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:44.084642887 CET	53	59530	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:58.553299904 CET	54659	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:58.553431988 CET	63338	53	192.168.2.5	1.1.1.1
Dec 12, 2024 15:13:58.780347109 CET	53	54659	1.1.1.1	192.168.2.5
Dec 12, 2024 15:13:58.795850039 CET	53	63338	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:12:46 UTC	993	OUT	GET /url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: google.co.ve Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:12:47 UTC	842	IN	HTTP/1.1 301 Moved Permanently Location: https://www.google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Fsoftilac.com.tr%2F7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-cyElskeOGAJSzRMwycnJhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 14:12:47 GMT Expires: Sat, 11 Jan 2025 14:12:47 GMT Cache-Control: public, max-age=2592000 Server: gws Content-Length: 427 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 14:12:47 UTC	427	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 76 65 2f 75 72 6c 3f 36 71 3d 65 6d 67 6a 62 78 6c 4a 4c 69 36 7a 37 33 79 68 26 61 6d 70 3b 72 63 74 3d 74 54 50 76 76 71 36 78 52 79 6a 37 59 30 30 78 44 6a 6e 6c 78 39 6b 49 6a 75 73 75 63 54 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:12:49 UTC	997	OUT	GET /url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2Fsoftilac.com.tr%2F7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: www.google.co.ve Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:12:50 UTC	1107	IN	HTTP/1.1 302 Found Location: https://www.google.co.ve/amp/s/softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Cache-Control: private Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-G-luEx-dYsNQHrkzECosMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Thu, 12 Dec 2024 14:12:50 GMT Server: gws Content-Length: 343 X-XSS-Protection: 0 Set-Cookie: NID=520=NVtCmAfnHO7HluPMATWYDeYNbGN969nAm-YQlVdl1XQBvP7Sr-ZTVCdhNhSLWmJFdzEdzVeVrhSkjVXuYC4MPnyR7Ntbw-EIDDXvvyZBUOpFFUSb7wBawlmCBobKt3gc0nlycQT3QkvLfENu5SlpsPxNI7wN0T4Wo6X-2-jEdZ2BQz3MKcsrL9yuD7NNeZbS9Ven; expires=Fri, 13-Jun-2025 14:12:49 GMT; path=/; domain=.google.co.ve; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 14:12:50 UTC	283	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 76 65 2f 61 6d 70 2f 73 2f 73 6f 66 74 69 6c 61 63 2e 63 6f 6d 2e 74 72 2f 37 79 6f 79 61 2f 6a 69 65 68 63 75 6f 32 6e 64 74 6e 31 2f 5a 48 52 6f 62 33 4a 75 5a 55 42 70 61 32 46 7a 5a 33 4a 76 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.co.ve/amp/s/softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3Jv
2024-12-12 14:12:50 UTC	60	IN	Data Raw: 30 25 39 41 24 24 24 25 43 33 25 41 33 25 45 32 25 38 32 25 41 43 25 45 32 25 38 30 25 39 41 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: 0%9A$$$%C3%A3%E2%82%AC%E2%80%9A">here</A>.</BODY></HTML>

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:12:52 UTC	1139	OUT	GET /amp/s/softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: www.google.co.ve Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=520=NVtCmAfnHO7HluPMATWYDeYNbGN969nAm-YQlVdl1XQBvP7Sr-ZTVCdhNhSLWmJFdzEdzVeVrhSkjVXuYC4MPnyR7Ntbw-EIDDXvvyZBUOpFFUSb7wBawlmCBobKt3gc0nlycQT3QkvLfENu5SlpsPxNI7wN0T4Wo6X-2-jEdZ2BQz3MKcsrL9yuD7NNeZbS9Ven
2024-12-12 14:12:53 UTC	923	IN	HTTP/1.1 302 Found Location: https://www.google.co.ve/url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Cache-Control: private X-Robots-Tag: noindex Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-NhBjeQM9PHpvyZ7hZdxshw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 14:12:52 GMT Server: gws Content-Length: 351 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 14:12:53 UTC	351	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 2e 76 65 2f 75 72 6c 3f 71 3d 68 74 74 70 73 3a 2f 2f 73 6f 66 74 69 6c 61 63 2e 63 6f 6d 2e 74 72 2f 37 79 6f 79 61 2f 6a 69 65 68 63 75 6f 32 6e 64 74 6e 31 2f 5a 48 52 6f 62 33 4a 75 5a 55 42 70 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.co.ve/url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBp

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:12:54 UTC	1147	OUT	GET /url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: www.google.co.ve Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=520=NVtCmAfnHO7HluPMATWYDeYNbGN969nAm-YQlVdl1XQBvP7Sr-ZTVCdhNhSLWmJFdzEdzVeVrhSkjVXuYC4MPnyR7Ntbw-EIDDXvvyZBUOpFFUSb7wBawlmCBobKt3gc0nlycQT3QkvLfENu5SlpsPxNI7wN0T4Wo6X-2-jEdZ2BQz3MKcsrL9yuD7NNeZbS9Ven
2024-12-12 14:12:55 UTC	1017	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 14:12:55 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-kUcrUFl-xY9yFZ_njbo4_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Server: gws X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 14:12:55 UTC	373	IN	Data Raw: 36 62 38 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 20 4e 6f 74 69 63 65 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 2c 64 69 76 2c 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 70 78 7d 64 69 76 7b 63 6f 6c 6f 72 3a 23 30 30 30 7d 61 3a 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 36 38 31 64 61 38 Data Ascii: 6b8<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8
2024-12-12 14:12:55 UTC	1354	IN	Data Raw: 61 72 28 2d 2d 67 53 35 6a 58 62 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 66 39 66 61 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 64 69 76 2e 61 58 67 61 47 62 7b 70 61 64 64 69 6e 67 3a 30 2e 35 65 6d 20 30 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 7d 64 69 76 2e 66 54 6b 37 76 64 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 35 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 79 6d 47 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 58 67 61 47 62 22 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 22 3e 3c 62 3e 52 65 64 69 72 65 63 74 20 4e 6f 74 69 63 65 Data Ascii: ar(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Redirect Notice
2024-12-12 14:12:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:12:57 UTC	1405	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.co.ve Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.co.ve/url?q=https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=520=NVtCmAfnHO7HluPMATWYDeYNbGN969nAm-YQlVdl1XQBvP7Sr-ZTVCdhNhSLWmJFdzEdzVeVrhSkjVXuYC4MPnyR7Ntbw-EIDDXvvyZBUOpFFUSb7wBawlmCBobKt3gc0nlycQT3QkvLfENu5SlpsPxNI7wN0T4Wo6X-2-jEdZ2BQz3MKcsrL9yuD7NNeZbS9Ven
2024-12-12 14:12:58 UTC	694	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: image/x-icon Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 Date: Thu, 12 Dec 2024 14:12:58 GMT Expires: Fri, 20 Dec 2024 14:12:58 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 14:12:58 UTC	696	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-12-12 14:12:58 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb ff 3a 47 ea ff 5a 66 ee ff a2 Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J:GZf
2024-12-12 14:12:58 UTC	1390	IN	Data Raw: fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc d8 c3 ff ff ff ff ff ff ff ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-12-12 14:12:58 UTC	1390	IN	Data Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBF!4I
2024-12-12 14:12:58 UTC	564	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:00 UTC	662	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.co.ve Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=520=NVtCmAfnHO7HluPMATWYDeYNbGN969nAm-YQlVdl1XQBvP7Sr-ZTVCdhNhSLWmJFdzEdzVeVrhSkjVXuYC4MPnyR7Ntbw-EIDDXvvyZBUOpFFUSb7wBawlmCBobKt3gc0nlycQT3QkvLfENu5SlpsPxNI7wN0T4Wo6X-2-jEdZ2BQz3MKcsrL9yuD7NNeZbS9Ven
2024-12-12 14:13:01 UTC	702	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 14:12:58 GMT Expires: Fri, 20 Dec 2024 14:12:58 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 14:13:01 UTC	688	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-12-12 14:13:01 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb ff 3a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J:
2024-12-12 14:13:01 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc d8 c3 Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-12-12 14:13:01 UTC	1390	IN	Data Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-12-12 14:13:01 UTC	572	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:09 UTC	799	OUT	GET /7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1 Host: softilac.com.tr Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://www.google.co.ve/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:13:09 UTC	421	IN	HTTP/1.1 200 OK Connection: close refresh: 0;url=https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t$$$ content-type: text/html; charset=UTF-8 content-length: 0 date: Thu, 12 Dec 2024 14:13:07 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Windows Analysis Report
https://google.co.ve/url?6q=emgjbxlJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fsoftilac.com.tr%2f7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:09 UTC	685	OUT	GET /favicon.ico HTTP/1.1 Host: softilac.com.tr Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://softilac.com.tr/7yoya/jiehcuo2ndtn1/ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:13:10 UTC	396	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Thu, 12 Dec 2024 14:13:07 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-12-12 14:13:10 UTC	708	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:11 UTC	827	OUT	GET /?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1 Host: jjfkfmnfrkrjjrrmmdk.gultiles.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://softilac.com.tr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:13:12 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 14:13:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-12-12 14:13:12 UTC	7100	IN	Data Raw: 31 62 62 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 66 75 6e 63 74 69 6f 6e 20 61 30 4b 35 28 4b 2c 42 29 7b 76 61 72 20 69 3d 61 30 4b 34 28 29 3b 72 65 74 75 72 6e 20 61 30 4b 35 3d 66 75 6e 63 74 69 6f 6e 28 53 2c 78 29 7b 53 3d 53 2d 30 78 63 33 3b 76 61 72 20 54 3d 69 5b 53 5d 3b 72 65 74 75 72 6e 20 54 3b 7d 2c 61 30 4b 35 28 4b 2c 42 29 3b 7d 28 66 75 6e 63 74 69 6f 6e 28 4b 2c 42 29 7b 76 61 72 20 53 79 3d 61 30 4b 35 2c 69 3d 4b 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 53 3d 2d 70 61 72 73 65 49 6e 74 28 53 79 28 30 78 33 Data Ascii: 1bb4<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0K5(K,B){var i=a0K4();return a0K5=function(S,x){S=S-0xc3;var T=i[S];return T;},a0K5(K,B);}(function(K,B){var Sy=a0K5,i=K();while(!![]){try{var S=-parseInt(Sy(0x3
2024-12-12 14:13:12 UTC	16384	IN	Data Raw: 37 66 66 61 0d 0a 76 65 27 5d 2c 69 51 3d 69 76 5b 78 39 28 30 78 34 30 66 29 5d 2c 69 4a 3d 4b 59 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 69 46 3d 69 4d 28 69 4d 5b 27 72 65 73 6f 6c 76 65 27 5d 29 2c 69 6a 3d 5b 5d 2c 69 56 3d 30 78 30 2c 69 79 3d 30 78 31 3b 69 6a 28 69 4d 2c 66 75 6e 63 74 69 6f 6e 28 69 57 29 7b 76 61 72 20 78 4b 3d 61 30 4b 35 2c 69 68 3d 69 56 2b 2b 2c 69 67 3d 21 30 78 31 3b 69 79 2b 2b 2c 69 73 28 69 46 2c 69 4d 2c 69 57 29 5b 78 4b 28 30 78 33 38 61 29 5d 28 66 75 6e 63 74 69 6f 6e 28 69 58 29 7b 69 67 7c 7c 28 69 67 3d 21 30 78 30 2c 69 6a 5b 69 68 5d 3d 69 58 2c 2d 2d 69 79 7c 7c 69 73 28 69 6a 29 29 3b 7d 2c 69 51 29 3b 7d 29 2c 2d 2d 69 79 7c 7c 69 73 28 69 6a 29 3b 7d 29 3b 72 65 74 75 72 6e 20 69 4a 5b 78 39 28 30 Data Ascii: 7ffave'],iQ=iv[x9(0x40f)],iJ=KY(function(){var iF=iM(iM['resolve']),ij=[],iV=0x0,iy=0x1;ij(iM,function(iW){var xK=a0K5,ih=iV++,ig=!0x1;iy++,is(iF,iM,iW)[xK(0x38a)](function(iX){ig\|\|(ig=!0x0,ij[ih]=iX,--iy\|\|is(ij));},iQ);}),--iy\|\|is(ij);});return iJ[x9(0
2024-12-12 14:13:12 UTC	16384	IN	Data Raw: 79 27 5d 2c 69 43 3d 69 58 5b 54 4a 28 30 78 33 61 62 29 5d 3b 69 43 5b 27 77 69 64 74 68 27 5d 3d 27 27 5b 27 63 6f 6e 63 61 74 27 5d 28 4b 75 2c 27 70 78 27 29 2c 69 43 5b 54 4a 28 30 78 35 31 62 29 5d 3d 69 43 5b 54 4a 28 30 78 33 61 39 29 5d 3d 54 4a 28 30 78 31 36 61 29 2c 4b 4c 28 29 3f 69 58 5b 54 4a 28 30 78 33 61 62 29 5d 5b 54 4a 28 30 78 32 63 32 29 5d 3d 27 27 5b 54 4a 28 30 78 33 64 33 29 5d 28 30 78 31 2f 4b 6e 5b 27 64 65 76 69 63 65 50 69 78 65 6c 52 61 74 69 6f 27 5d 29 3a 69 6c 28 29 26 26 28 69 58 5b 54 4a 28 30 78 33 61 62 29 5d 5b 27 7a 6f 6f 6d 27 5d 3d 54 4a 28 30 78 34 37 37 29 29 3b 76 61 72 20 69 47 3d 69 67 5b 54 4a 28 30 78 31 35 36 29 5d 28 54 4a 28 30 78 33 31 34 29 29 3b 72 65 74 75 72 6e 20 69 47 5b 27 74 65 78 74 43 6f 6e Data Ascii: y'],iC=iX[TJ(0x3ab)];iC['width']=''['concat'](Ku,'px'),iC[TJ(0x51b)]=iC[TJ(0x3a9)]=TJ(0x16a),KL()?iX[TJ(0x3ab)][TJ(0x2c2)]=''[TJ(0x3d3)](0x1/Kn['devicePixelRatio']):il()&&(iX[TJ(0x3ab)]['zoom']=TJ(0x477));var iG=ig[TJ(0x156)](TJ(0x314));return iG['textCon
2024-12-12 14:13:12 UTC	16384	IN	Data Raw: 0d 0a 34 30 30 30 0d 0a 26 26 28 7e 69 6c 28 69 4a 2c 69 76 29 7c 7c 69 6f 28 69 4a 2c 69 76 29 29 3b 72 65 74 75 72 6e 20 69 4a 3b 7d 3b 7d 2c 30 78 65 34 61 3a 66 75 6e 63 74 69 6f 6e 28 69 50 2c 69 5a 2c 69 48 29 7b 76 61 72 20 69 71 3d 69 48 28 30 78 31 61 35 36 29 2c 69 77 3d 69 48 28 30 78 31 32 38 35 29 3b 69 50 5b 27 65 78 70 6f 72 74 73 27 5d 3d 4f 62 6a 65 63 74 5b 27 6b 65 79 73 27 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 69 61 29 7b 72 65 74 75 72 6e 20 69 71 28 69 61 2c 69 77 29 3b 7d 3b 7d 2c 30 78 31 64 62 62 3a 66 75 6e 63 74 69 6f 6e 28 69 50 2c 69 5a 29 7b 76 61 72 20 64 52 3d 61 30 4b 35 2c 69 48 3d 7b 7d 5b 27 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 27 5d 2c 69 71 3d 4f 62 6a 65 63 74 5b 27 67 65 74 4f 77 6e 50 72 6f 70 Data Ascii: 4000&&(~il(iJ,iv)\|\|io(iJ,iv));return iJ;};},0xe4a:function(iP,iZ,iH){var iq=iH(0x1a56),iw=iH(0x1285);iP['exports']=Object['keys']\|\|function(ia){return iq(ia,iw);};},0x1dbb:function(iP,iZ){var dR=a0K5,iH={}['propertyIsEnumerable'],iq=Object['getOwnProp
2024-12-12 14:13:12 UTC	10	IN	Data Raw: 6c 73 65 7b 76 61 72 20 0d 0a Data Ascii: lse{var
2024-12-12 14:13:12 UTC	16384	IN	Data Raw: 36 34 34 62 0d 0a 69 71 3d 69 48 28 30 78 31 32 39 61 29 2c 69 77 3d 30 78 30 2c 69 61 3d 4d 61 74 68 5b 50 78 28 30 78 31 30 66 29 5d 28 29 2c 69 6c 3d 69 71 28 30 78 31 5b 50 78 28 30 78 32 30 64 29 5d 29 3b 69 50 5b 50 78 28 30 78 31 35 62 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 6f 29 7b 72 65 74 75 72 6e 27 53 79 6d 62 6f 6c 28 27 2b 28 76 6f 69 64 20 30 78 30 3d 3d 3d 69 6f 3f 27 27 3a 69 6f 29 2b 27 29 5f 27 2b 69 6c 28 2b 2b 69 77 2b 69 61 2c 30 78 32 34 29 3b 7d 3b 7d 7d 2c 30 78 31 33 39 65 3a 66 75 6e 63 74 69 6f 6e 28 69 50 2c 69 5a 2c 69 48 29 7b 76 61 72 20 50 54 3d 61 30 4b 35 2c 69 71 3d 69 48 28 30 78 31 37 38 64 29 3b 69 50 5b 50 54 28 30 78 31 35 62 29 5d 3d 69 71 26 26 21 53 79 6d 62 6f 6c 5b 50 54 28 30 78 32 34 61 29 5d 26 26 50 54 28 Data Ascii: 644biq=iH(0x129a),iw=0x0,ia=Math[Px(0x10f)](),il=iq(0x1[Px(0x20d)]);iP[Px(0x15b)]=function(io){return'Symbol('+(void 0x0===io?'':io)+')_'+il(++iw+ia,0x24);};}},0x139e:function(iP,iZ,iH){var PT=a0K5,iq=iH(0x178d);iP[PT(0x15b)]=iq&&!Symbol[PT(0x24a)]&&PT(
2024-12-12 14:13:12 UTC	9299	IN	Data Raw: 64 3d 53 78 5b 5a 38 28 30 78 32 63 30 29 5d 2c 53 4f 3d 53 78 5b 5a 38 28 30 78 33 35 61 29 5d 3b 69 66 28 53 39 28 53 78 29 26 26 28 53 54 3d 69 43 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5a 39 3d 5a 38 3b 69 66 28 5a 39 28 30 78 34 38 30 29 3d 3d 3d 5a 39 28 30 78 31 38 38 29 29 72 65 74 75 72 6e 20 30 78 38 21 3d 3d 53 36 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 5a 39 28 30 78 34 66 30 29 2c 7b 27 76 61 6c 75 65 27 3a 30 78 38 7d 29 5b 5a 39 28 30 78 34 66 30 29 5d 3b 65 6c 73 65 20 69 6f 3f 69 41 5b 5a 39 28 30 78 34 64 64 29 5d 28 5a 39 28 30 78 31 62 35 29 2c 53 4f 2c 53 64 29 3a 53 37 28 53 33 2c 53 64 2c 53 4f 29 3b 7d 29 2c 53 78 5b 5a 38 28 30 78 32 39 63 29 5d 3d 69 6f 7c 7c 53 39 28 53 78 29 3f 30 78 32 3a 30 78 31 2c 53 54 5b 5a 38 Data Ascii: d=Sx[Z8(0x2c0)],SO=Sx[Z8(0x35a)];if(S9(Sx)&&(ST=iC(function(){var Z9=Z8;if(Z9(0x480)===Z9(0x188))return 0x8!==S6(function(){},Z9(0x4f0),{'value':0x8})[Z9(0x4f0)];else io?iA[Z9(0x4dd)](Z9(0x1b5),SO,Sd):S7(S3,Sd,SO);}),Sx[Z8(0x29c)]=io\|\|S9(Sx)?0x2:0x1,ST[Z8
2024-12-12 14:13:12 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 69 76 28 53 54 2c 53 76 29 26 26 21 69 76 28 53 64 2c 53 76 29 29 26 26 28 21 28 53 73 7c 7c 21 69 76 28 74 68 69 73 2c 53 76 29 7c 7c 21 69 76 28 53 54 2c 53 76 29 7c 7c 69 76 28 74 68 69 73 2c 69 41 29 26 26 74 68 69 73 5b 69 41 5d 5b 53 76 5d 29 7c 7c 53 73 29 3b 7d 2c 53 72 3d 66 75 6e 63 74 69 6f 6e 28 53 4d 2c 53 76 29 7b 76 61 72 20 5a 58 3d 5a 79 2c 53 73 3d 69 4a 28 53 4d 29 2c 53 51 3d 69 46 28 53 76 29 3b 69 66 28 53 73 21 3d 3d 53 34 7c 7c 21 69 76 28 53 54 2c 53 51 29 7c 7c 69 76 28 53 64 2c 53 51 29 29 7b 76 61 72 20 53 66 3d 53 4b 28 53 73 2c 53 51 29 3b 72 65 74 75 72 6e 21 53 66 7c 7c 21 69 76 28 53 54 2c 53 51 29 7c 7c 69 76 28 53 73 2c 69 41 29 26 26 53 73 5b 69 41 5d 5b 53 51 5d 7c 7c 28 53 66 5b 5a 58 28 30 78 31 32 Data Ascii: 4000iv(ST,Sv)&&!iv(Sd,Sv))&&(!(Ss\|\|!iv(this,Sv)\|\|!iv(ST,Sv)\|\|iv(this,iA)&&this[iA][Sv])\|\|Ss);},Sr=function(SM,Sv){var ZX=Zy,Ss=iJ(SM),SQ=iF(Sv);if(Ss!==S4\|\|!iv(ST,SQ)\|\|iv(Sd,SQ)){var Sf=SK(Ss,SQ);return!Sf\|\|!iv(ST,SQ)\|\|iv(Ss,iA)&&Ss[iA][SQ]\|\|(Sf[ZX(0x12
2024-12-12 14:13:12 UTC	8	IN	Data Raw: 30 78 34 5d 7c 69 0d 0a Data Ascii: 0x4]\|i
2024-12-12 14:13:13 UTC	16384	IN	Data Raw: 38 30 30 30 0d 0a 48 5b 69 71 2b 30 78 35 5d 3c 3c 30 78 38 7c 69 48 5b 69 71 2b 30 78 36 5d 3c 3c 30 78 31 30 7c 69 48 5b 69 71 2b 30 78 37 5d 3c 3c 30 78 31 38 2c 69 59 5b 30 78 31 5d 3d 69 48 5b 69 71 5d 7c 69 48 5b 69 71 2b 30 78 31 5d 3c 3c 30 78 38 7c 69 48 5b 69 71 2b 30 78 32 5d 3c 3c 30 78 31 30 7c 69 48 5b 69 71 2b 30 78 33 5d 3c 3c 30 78 31 38 2c 69 4d 5b 30 78 30 5d 3d 69 48 5b 69 71 2b 30 78 63 5d 7c 69 48 5b 69 71 2b 30 78 64 5d 3c 3c 30 78 38 7c 69 48 5b 69 71 2b 30 78 65 5d 3c 3c 30 78 31 30 7c 69 48 5b 69 71 2b 30 78 66 5d 3c 3c 30 78 31 38 2c 69 4d 5b 30 78 31 5d 3d 69 48 5b 69 71 2b 30 78 38 5d 7c 69 48 5b 69 71 2b 30 78 39 5d 3c 3c 30 78 38 7c 69 48 5b 69 71 2b 30 78 61 5d 3c 3c 30 78 31 30 7c 69 48 5b 69 71 2b 30 78 62 5d 3c 3c 30 78 Data Ascii: 8000H[iq+0x5]<<0x8\|iH[iq+0x6]<<0x10\|iH[iq+0x7]<<0x18,iY[0x1]=iH[iq]\|iH[iq+0x1]<<0x8\|iH[iq+0x2]<<0x10\|iH[iq+0x3]<<0x18,iM[0x0]=iH[iq+0xc]\|iH[iq+0xd]<<0x8\|iH[iq+0xe]<<0x10\|iH[iq+0xf]<<0x18,iM[0x1]=iH[iq+0x8]\|iH[iq+0x9]<<0x8\|iH[iq+0xa]<<0x10\|iH[iq+0xb]<<0x

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:21 UTC	1144	OUT	POST /?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1 Host: jjfkfmnfrkrjjrrmmdk.gultiles.com Connection: keep-alive Content-Length: 6422 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://jjfkfmnfrkrjjrrmmdk.gultiles.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:13:21 UTC	6422	OUT	Data Raw: 71 71 31 79 74 36 69 3d 25 35 42 25 35 42 25 32 32 37 37 37 35 32 35 34 33 33 32 32 35 33 38 33 25 32 32 25 32 43 25 32 32 37 36 66 32 35 34 33 33 32 32 35 33 38 33 39 25 32 32 25 32 43 25 32 32 32 35 33 33 34 34 32 35 34 33 33 32 32 35 33 25 32 32 25 32 43 25 32 32 38 33 33 37 31 32 35 33 33 34 33 32 35 33 33 25 32 32 25 32 43 25 32 32 34 33 37 38 32 35 34 33 33 32 32 35 33 38 33 25 32 32 25 32 43 25 32 32 39 33 38 37 36 37 36 37 33 33 39 37 31 33 32 25 32 32 25 32 43 25 32 32 36 64 37 31 37 33 32 35 33 33 34 33 36 39 34 25 32 32 25 32 43 25 32 32 37 32 35 33 37 34 36 37 33 36 36 34 37 33 38 25 32 32 25 32 43 25 32 32 33 34 33 30 33 39 33 36 33 38 33 33 33 39 33 25 32 32 25 32 43 25 32 32 30 33 36 33 36 33 31 33 37 33 33 33 38 33 32 25 32 32 25 32 43 25 Data Ascii: qq1yt6i=%5B%5B%22777525433225383%22%2C%2276f254332253839%22%2C%22253344254332253%22%2C%22833712533432533%22%2C%22437825433225383%22%2C%22938767673397132%22%2C%226d7173253343694%22%2C%22725374673664738%22%2C%22343039363833393%22%2C%22036363137333832%22%2C%
2024-12-12 14:13:22 UTC	530	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 12 Dec 2024 14:13:22 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close location: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A set-cookie: B1z54a="MWNlOWU5Y2QtNWNhZS00MGIyLWFkNTktYjYxNjZlYzc4MjhmOmUxODA5MGZkLWM0ODctNDRmNi04NTk0LTVmZDNkNWViODYyNw=="; Domain=gultiles.com; HttpOnly; Path=/; SameSite=None; Secure
2024-12-12 14:13:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:23 UTC	1141	OUT	GET /?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1 Host: jjfkfmnfrkrjjrrmmdk.gultiles.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: B1z54a="MWNlOWU5Y2QtNWNhZS00MGIyLWFkNTktYjYxNjZlYzc4MjhmOmUxODA5MGZkLWM0ODctNDRmNi04NTk0LTVmZDNkNWViODYyNw=="
2024-12-12 14:13:24 UTC	778	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 14:13:24 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55404 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 93ec48de-3bd3-4d6b-b15c-fdda86953a00 x-ms-ests-server: 2.1.19683.3 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-12-12 14:13:24 UTC	15606	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 bc bd 7b 5f db 48 b6 28 fa 7f 7f 0a f0 e9 8b a5 41 80 e5 07 18 3b 6a 1f 02 24 8d 43 4c 22 03 01 dc ec 1c 49 96 8d 82 2d 19 c9 86 90 c0 fd ec 77 3d aa a4 92 1f e9 de b3 e7 dc fe cd 04 b9 54 cf 55 ab d6 bb 96 de ac 1f 9d 1d 9e 5f 7f 3a 5e bb 9b 8e 47 7f fc f6 86 ff ac bd b9 f3 9d 3e fc 5d 7b 33 0d a6 23 1f 9f d6 6c bf 1f c4 be 37 0d c2 21 be d8 49 df bc 19 fb 53 67 cd 8b c2 a9 1f 4e ad c2 d4 ff 3e dd c1 7e 9a 6b de 9d 13 27 fe d4 9a 4d 07 5b f5 02 8c 31 9d 6c f9 0f b3 e0 d1 2a 1c 72 f5 ad f3 e7 89 5f d8 59 d2 cd c9 b1 e5 f7 87 7e be d5 d5 d6 c5 c1 d6 61 34 9e 38 d3 c0 1d 2d 6f f8 14 f4 a7 77 56 df 7f 0c 3c 7f 8b 7e 18 6b 41 18 4c 03 67 b4 95 78 ce c8 b7 cc ed 92 b1 36 76 be 07 e3 d9 58 14 95 b1 68 96 f8 31 fd 76 a0 6f eb d9 4f Data Ascii: {_H(A;j$CL"I-w=TU_:^G>]{3#l7!ISgN>~k'M[1l*r_Y~a48-owV<~kALgx6vXh1voO
2024-12-12 14:13:24 UTC	16379	IN	Data Raw: 31 bd 24 da 69 f3 e5 d0 37 41 b2 a6 ab 99 26 5e d5 b9 47 2f 2f eb eb 18 16 31 a1 9b d0 3f 14 97 cd 70 3e 08 27 09 04 ec 2a 29 95 41 64 cd 62 b0 d7 f1 d2 cf a2 c0 9b a5 10 49 ae 81 c7 48 b7 a0 8e a1 1a d7 c2 81 24 7e 28 2d 31 1c 86 06 d6 29 09 09 08 c4 49 d0 48 ae d9 08 59 36 57 db 4f e6 03 92 19 fd e6 04 c0 9d ff f5 f2 d7 76 ea c8 f9 6b 7b 27 1f 14 8a 46 40 d1 5d 16 5e dd 7e 22 b6 5d 21 0e 20 9f d9 c3 fc 49 10 76 a0 53 fc 06 e5 65 95 57 47 98 02 81 03 7d 32 3b 6b 44 d1 23 18 ac 82 e7 f9 86 68 1f 5e e3 a0 a4 4b 0f 3a de e6 7f 20 ed 06 4f 08 f4 4c 11 d5 bb 66 de 5c 29 a6 79 68 b5 3f c8 8e 65 90 f3 04 f8 cf 21 09 81 2e fb e5 30 2a 18 2f 9e a7 39 6d c9 f9 fc 4a 87 4e f4 6f ba 22 b2 07 25 48 39 66 c9 a5 a8 f0 22 9d 3f 59 11 d5 4b ab f8 a9 48 14 2b 0b f6 16 f1 Data Ascii: 1$i7A&^G//1?p>')AdbIH$~(-1)IHY6WOvk{'F@]^~"]! IvSeWG}2;kD#h^K: OLf\)yh?e!.0/9mJNo"%H9f"?YKH+
2024-12-12 14:13:24 UTC	16384	IN	Data Raw: 4e ca 0d 67 95 9c d9 89 2d bc be e1 dc 88 8c ce 02 0a 49 a7 32 d2 aa 71 1f 3e e7 18 cc 18 2e 75 c7 7b 32 a1 b7 f0 c2 70 18 91 44 95 8b dd a4 c8 9e 6e e0 28 ca 9e 92 4f c3 76 40 68 73 73 46 63 a3 1b 53 4d 90 75 f3 64 54 db 14 33 27 a7 92 59 67 8d a3 38 78 7c 8f b4 03 4b f4 2b 14 47 67 24 7a 55 5e 2f f2 15 0a aa 46 a1 7c a2 8d e7 94 69 40 6d 0b 4b d7 4c 6e a5 a7 be 62 04 ee ad 11 34 7d 81 6e bb 84 c6 bb c6 6e 09 db 02 07 ce 48 2c 97 4b 31 dd 38 e7 dc 5e 57 01 7e b5 50 5a db d2 24 bd 9c 44 4b 2f f2 e7 43 2f 4c 5b 7d d4 b6 9d da 96 ba bd e1 b3 1d 6d 40 5c c3 b6 6c 8b c5 a0 d1 39 7f 34 8d 94 67 3c 6f 3a 13 47 e7 a5 26 d2 a0 4e 48 a0 4f bc e1 c6 0b 01 5c cd 2c e1 8e a0 58 62 dc d0 e3 76 34 61 93 c0 b1 68 06 9f 06 77 3e 61 18 33 f6 8d dc e1 d7 f2 7a 08 f5 50 7d Data Ascii: Ng-I2q>.u{2pDn(Ov@hssFcSMudT3'Yg8x\|K+Gg$zU^/F\|i@mKLnb4}nnH,K18^W~PZ$DK/C/L[}m@\l94g<o:G&NHO\,Xbv4ahw>a3zP}
2024-12-12 14:13:24 UTC	7035	IN	Data Raw: 85 3b 4c 22 48 b7 92 dc b4 dc 59 31 54 2b 42 7c 0c 78 a1 09 d9 31 c6 f3 ce 80 17 1e 20 67 67 15 cf 84 94 21 6a 64 0f 69 3a 8f ea 3f 2e dc f3 2b 9c aa 3e 25 28 33 ed c4 c1 66 3a 81 41 5d c4 11 df 17 53 96 b0 05 f7 c4 1f 92 f1 05 e5 b3 b7 f3 e1 d6 33 08 37 e3 5e a9 b3 f0 c6 9d 55 af 7c fc d4 9b 1c af bc eb e2 63 6f b5 31 09 ae 81 9b 5c bf 8e fc d5 c6 83 07 9f 36 ae cf 46 e7 d7 ad 8d db d2 65 f1 b6 74 38 3a ab ed 0f 1b e3 c3 c7 b3 ab d1 f0 ec a1 5e 3a 1b b7 1f ce de ee 57 e7 df 6e 91 a0 fb f3 49 88 7f cd a8 7a b8 b2 a7 d4 0f 48 1d 4f 9f 43 75 70 87 43 08 90 ce c1 60 38 c2 91 6d 3e 5f 5c bd f1 4e 76 dd ac bb b4 98 a5 4c 8d ec 67 42 db b7 94 8e 1f 06 54 e1 e2 7e 72 8e e7 97 db e5 ec 70 4a 94 c7 aa ac a0 d5 9b a2 3c b5 79 70 74 7f 73 83 fc 71 c4 32 db b8 87 84 Data Ascii: ;L"HY1T+B\|x1 gg!jdi:?.+>%(3f:A]S37^U\|co1\6Fet8:^:WnIzHOCupC`8m>_\NvLgBT~rpJ<yptsq2

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:26 UTC	659	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1 Host: e498f915-1ce9e9cd.gultiles.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://jjfkfmnfrkrjjrrmmdk.gultiles.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:13:27 UTC	745	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 14:13:27 GMT Content-Type: application/x-javascript Content-Length: 49926 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 6092194 cache-control: public, max-age=31536000 etag: 0x8DCE31CBE97473C last-modified: Wed, 02 Oct 2024 19:59:37 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 9ba7681e-c01e-00c4-7737-1521f7000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-12-12 14:13:27 UTC	13689	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 6d 5b e3 38 d2 30 fa fd fe 15 c1 bb 0f 1d 4f 4c c8 0b d0 e0 b4 3b 77 1a d2 dd cc 00 61 08 4c cf 2e b0 5c 4e ac 80 a7 83 9d b5 1d 68 06 72 7e fb a9 17 c9 96 1d 87 ee d9 3d d7 f9 f2 cc 0b b1 a5 92 2c 95 aa 4a 55 a5 92 b4 f9 d3 da ff 54 7e aa 6c fc f8 3f 95 e1 79 ef ec bc 32 f8 58 39 ff 7c 78 76 50 39 85 b7 7f 54 4e 06 e7 87 fb fd 1f af 07 3f 8a ff 9f df f9 71 65 e2 4f 45 05 7e 47 6e 2c bc 4a 18 54 c2 a8 e2 07 e3 30 9a 85 91 9b 88 b8 72 0f 7f 23 df 9d 56 26 51 78 5f 49 ee 44 65 16 85 7f 88 71 12 57 a6 7e 9c 40 a1 91 98 86 8f 95 2a 54 17 79 95 53 37 4a 9e 2a 87 a7 66 1d ea 17 50 9b 7f eb 07 50 7a 1c ce 9e e0 f9 2e a9 04 61 e2 8f 45 c5 0d 3c aa 6d 0a 2f 41 2c 2a f3 c0 13 51 e5 f1 ce 1f df 55 8e fd 71 14 c6 e1 24 a9 44 62 2c Data Ascii: m[80OL;waL.\Nhr~=,JUT~l?y2X9\|xvP9TN?qeOE~Gn,JT0r#V&Qx_IDeqW~@TyS7JfPPz.aE<m/A,*QUq$Db,
2024-12-12 14:13:27 UTC	16384	IN	Data Raw: 6f ee 55 2a 55 69 e9 83 39 1e 62 40 1a 18 47 f7 1a af e7 af c6 da 45 00 72 74 7c c7 8c f9 03 40 e5 35 45 e1 83 ef 21 71 cd a7 1e aa d5 2c a3 ca 2b 2c 87 e5 7a 5b 5f dc 27 30 e3 5f 85 26 33 ff 2f 00 c3 54 fc 23 35 fe 50 4d a5 9f 3d 09 d3 d8 0b 79 9f 52 79 f3 96 e0 0a 2d 2b a9 e7 2f 95 ff 82 4b 60 fb ac 55 09 9a 36 5f cd 46 8a 1b 87 11 2e bf e1 92 99 a1 bf 81 0e e6 26 77 08 9c a6 da c6 52 52 06 95 d2 5b 06 95 26 65 50 83 a9 97 e5 c3 8b 14 bd b8 0e 9b 29 5c 4b 49 59 f9 7d fe ec 87 79 a6 a5 a9 f3 f8 8d ef c3 64 f5 30 3e 30 10 9b 73 70 22 7d 3a 43 0a d7 6b 7a 0d 2a e5 56 15 79 6c e4 df a5 d2 04 73 66 36 68 d0 b5 a5 b4 15 14 b5 3c 92 3f 04 96 7d 35 5d 3b 8a e7 d3 24 fb 70 2e 39 83 3e 10 01 4d 39 f9 f7 2c 9f ac 1d 0e 57 d1 a0 f4 d4 02 25 66 48 e3 05 6a 1d bd 3f Data Ascii: oUUi9b@GErt\|@5E!q,+,z[_'0_&3/T#5PM=yRy-+/K`U6_F.&wRR[&eP)\KIY}yd0>0sp"}:CkzVylsf6h<?}5];$p.9>M9,W%fHj?
2024-12-12 14:13:27 UTC	16384	IN	Data Raw: 2e a2 ba f1 a5 5b 77 d6 c6 92 24 ef 81 93 ee f6 76 ee 43 2d 7b 6f 20 ac 98 28 73 3d ad d9 91 3d 54 71 75 6b 1f cb 9c c7 ff f8 0c b9 10 90 d4 16 f8 99 57 7c 71 75 22 86 6b 15 4f 78 b3 0c d3 0d 27 6b 48 38 62 82 3a 91 28 5c 39 4e 4b e6 af a2 5c d8 5c 6e f2 f9 80 93 a7 da 5c c9 34 71 bd b0 e0 ec b9 97 51 32 94 f6 af ff 6e e9 d2 4b 92 f0 60 c8 a1 a0 a0 47 9b c9 39 46 65 c8 e5 ab 60 30 aa d2 bd 64 8b bd 7f 0e 27 ff a1 72 1c 16 50 6c 64 d5 f3 6f 2c e7 cc 72 05 48 e5 59 0b 52 4e 91 ed 3d bf 38 e6 87 27 9e 2b 39 be ed 9d 6f 09 fe 29 42 f8 4d 78 be 8b 50 e4 67 c4 2b 20 3a 4e 47 d7 02 d4 58 7d df 5d 45 b8 3e 10 7f 05 7f a8 39 ab f8 ae f6 ac 62 6e 50 2d 3b b3 95 a4 14 9f 67 5d 30 62 f2 fa 5e 8f 9c 87 f2 66 c3 18 47 ed 38 15 0b d0 8a 08 62 26 86 35 4e a9 c8 af c6 83 Data Ascii: .[w$vC-{o (s==TqukW\|qu"kOx'kH8b:(\9NK\\n\4qQ2nK`G9Fe`0d'rPldo,rHYRN=8'+9o)BMxPg+ :NGX}]E>9bnP-;g]0b^fG8b&5N
2024-12-12 14:13:27 UTC	3469	IN	Data Raw: 9d 57 de f0 f3 cd 4a a6 b6 b2 2b 9b 52 6a 55 02 fe 84 f3 97 43 13 94 11 96 28 69 16 7d 97 7e 4d b4 da 51 c3 35 12 6e 63 b4 bb 3b 7a 55 8c b4 dd 4d e0 cc 85 8e 3a 1a a4 be 56 d8 5f b5 ac 09 27 a4 ba f6 f6 f6 51 99 5a 26 23 a5 70 2c 3a d8 f3 72 50 4a f9 47 28 cf 94 9d 0e 48 bb 90 28 49 42 dd d7 1f a2 6f f6 f6 58 52 a4 35 64 97 e3 be 97 aa 34 d5 f5 8e d9 0a 80 d2 f0 93 91 1e 13 69 c6 46 0d 41 74 c3 0a c9 cc bf 54 ec 79 ec 27 e9 6c 6d b8 75 c7 a5 65 30 92 4f 33 8b 27 3f c7 8e 37 a2 07 ad 81 16 16 d0 be e3 53 e1 f9 c5 11 16 62 08 14 9b ea 39 2d d9 25 bc c0 8d f0 d1 26 5a 3c c5 d4 be e6 30 e5 46 2a 46 27 63 bc c8 92 d7 49 b8 f2 01 2f 83 5f 43 8b 48 89 82 f6 01 63 9d 2b 91 f5 c4 57 d1 eb d6 2d 0f 1b 28 8f 18 d7 b6 e9 81 87 c0 63 91 e2 b1 ca a7 f6 05 24 1f 47 05 Data Ascii: WJ+RjUC(i}~MQ5nc;zUM:V_'QZ&#p,:rPJG(H(IBoXR5d4iFAtTy'lmue0O3'?7Sb9-%&Z<0F*F'cI/_CHc+W-(c$G

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:29 UTC	680	OUT	GET /1ce9e9cd5cae40b2ad59b6166ec7828f/ HTTP/1.1 Host: jjfkfmnfrkrjjrrmmdk.gultiles.com Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://jjfkfmnfrkrjjrrmmdk.gultiles.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: B1z54a="MWNlOWU5Y2QtNWNhZS00MGIyLWFkNTktYjYxNjZlYzc4MjhmOmUxODA5MGZkLWM0ODctNDRmNi04NTk0LTVmZDNkNWViODYyNw==" Sec-WebSocket-Key: 5bC7VGxaEEVLPH2Dt266nA== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-12-12 14:13:30 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 12 Dec 2024 14:13:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 7b99ef67-38f9-49a3-b370-8e0063119f00 x-ms-ests-server: 2.1.19683.3 - NEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-12-12 14:13:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:29 UTC	1153	OUT	GET /?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A&sso_reload=true HTTP/1.1 Host: jjfkfmnfrkrjjrrmmdk.gultiles.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: B1z54a="MWNlOWU5Y2QtNWNhZS00MGIyLWFkNTktYjYxNjZlYzc4MjhmOmUxODA5MGZkLWM0ODctNDRmNi04NTk0LTVmZDNkNWViODYyNw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2024-12-12 14:13:31 UTC	781	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 14:13:30 GMT Content-Type: text/html; charset=utf-8 Content-Length: 62114 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: dc62e400-7bc5-4b72-b0a6-79bca1351e00 x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-12-12 14:13:31 UTC	6439	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 5b 2a c9 b6 28 f8 5e bf 82 49 d7 16 d8 02 72 17 74 52 6e 44 54 14 94 99 80 37 96 c7 93 97 00 52 20 13 f3 a2 e2 9c f2 d6 bf a4 1f fa 3b 0f fd d6 ff 60 fd b1 1e 63 44 e4 05 94 59 55 6b ad 7d ce b7 fb d4 fc aa 34 33 ae 23 46 8c 7b 8c 48 bf 7e 39 ba ac f7 6e 3b 8d c8 d8 99 4d 7f fb e5 2b fe 8a a8 53 d9 b6 ab d1 68 44 d3 ad 6a 74 ea 58 d1 c8 54 36 46 d5 28 33 a2 bf fd 12 f9 3a 66 b2 06 bf 23 5f 1d dd 99 32 7c 8a 74 f5 91 11 d1 8d 88 63 46 16 a6 6b 45 64 55 35 5d c3 c1 46 3b 7e ab af 33 e6 c8 11 d5 34 1c 66 38 d5 a8 c3 5e 9d 1d 9c 70 3f a2 8e 65 cb 66 4e d5 75 86 a9 72 14 80 71 e6 29 f6 e4 ea cf d5 68 9d 37 4f f5 16 73 16 dd f9 64 98 66 a3 ca b4 11 5b ed 75 93 ea d7 52 75 73 36 97 1d 5d 99 7e de f1 45 d7 9c 71 55 63 cf ba Data Ascii: [[*(^IrtRnDT7R ;`cDYUk}43#F{H~9n;M+ShDjtXT6F(3:f#_2\|tcFkEdU5]F;~34f8^p?efNurq)h7Osdf[uRus6]~EqUc
2024-12-12 14:13:31 UTC	16384	IN	Data Raw: 9d 7e 7a a3 71 c7 1e cb a0 0e 76 b2 e9 cc 8e 67 43 0d 65 68 70 2c 83 29 65 fe 63 03 89 7b 76 3b 3a 9e 6e d8 3b 43 3e d4 83 fc c0 dc b9 bc 18 8e 46 e3 27 5d d6 77 27 15 db 9c 96 a6 a3 5c 1a aa 3d 1f 12 b6 d2 ea 5d f6 43 f3 be bc bc cc ec d5 b9 88 85 76 40 cf a0 b9 67 cb 23 8b e1 29 a2 b3 13 1e a4 63 01 c9 a8 8b 30 5f e7 f3 25 0d 1c c9 0d 0b e0 83 ce 79 37 f2 7d 70 4c 61 3b 82 df f5 0f 58 8d 64 7d 07 23 d4 56 ec dc 7f 70 90 b6 2d ff d4 8d 9d cf 6d a6 82 9c d9 99 73 03 1b 5d c6 bf 3c d9 bf 3c d9 ff 5d 3c d9 21 58 00 d5 a1 ae 99 ff 6b 1c 5b ef 12 f2 9f e7 73 ff 58 e9 40 75 5e ff 27 10 eb 5f 47 4a ff 8a 23 25 11 ce 40 8b 6a fa c7 83 18 07 0c 75 7e 95 cb db 07 f0 c6 74 a6 09 7a c5 8a 07 db 55 50 e2 56 55 3e ae 77 d0 ee ce fe 91 98 af 45 1d ff a2 aa ff 5a 54 a5 Data Ascii: ~zqvgCehp,)ec{v;:n;C>F']w'\=]Cv@g#)c0_%y7}pLa;Xd}#Vp-ms]<<]<!Xk[sX@u^'_GJ#%@ju~tzUPVU>wEZT
2024-12-12 14:13:31 UTC	16384	IN	Data Raw: ac ee 28 95 7a 02 d3 b3 31 79 8c 11 88 55 f6 4d b5 3e c0 9b 74 fd 9b 9d 3a de 44 eb df ec c6 78 73 17 8a 85 a0 e2 e0 a3 13 87 63 ea 49 ab e7 e1 c9 99 65 d1 d4 42 bc 21 7d d1 09 83 df aa fd a3 32 96 c0 5c 9c 03 eb 8c 7e 93 ad 64 c7 2f 4a 17 70 d0 24 89 1b 7d 13 45 cd e8 4e 3d c1 7c b0 84 bf 15 f5 f7 24 68 ac 27 07 2a 51 b2 db 1c b4 f4 49 93 13 07 51 05 ec f9 99 f0 07 97 16 61 2b e5 77 26 61 0b 8c d2 12 40 13 2e 63 b4 00 c1 73 15 6c a3 10 ab c4 b8 26 68 2b 56 62 44 35 06 0f db 09 89 6a b9 0a 0e a3 9d ff 44 b5 c3 a8 26 4a 0c 42 00 eb 10 83 1f d5 a0 c4 20 1b f7 29 19 77 1a c5 93 39 1b ec 70 91 12 83 5a 78 4a 6b 45 55 a5 ce 46 d4 b5 17 46 71 53 f7 a9 4a f6 ab 0d 62 8f cd af 43 d5 91 3a 38 be bd 12 33 7d 6c eb 48 12 1e f6 a8 e5 e6 44 75 79 43 e6 f7 86 ce a2 09 Data Ascii: (z1yUM>t:DxscIeB!}2\~d/Jp$}EN=\|$h'*QIQa+w&a@.csl&h+VbD5jD&JB )w9pZxJkEUFFqSJbC:83}lHDuyC
2024-12-12 14:13:31 UTC	16384	IN	Data Raw: 22 e4 31 ad 68 92 41 09 7f a6 87 81 c4 28 0d 35 46 7d ba 3a 67 97 0d d8 4d e4 2c 97 6a ad 9e 3b 28 77 5e 8b ee 4c 8b 64 34 9a 99 74 4c 5d 43 da 76 e7 8f 10 51 36 ab 92 19 98 b5 16 d4 47 b9 2d 38 f1 5a 70 62 0e 6d a2 77 4c 91 a5 ec d2 a4 95 2d b9 a9 67 7a a9 61 46 5e b5 df 7f 3c cf b1 94 6c 75 98 cc 60 27 55 b2 3f 74 48 f6 8e 4b f0 94 41 71 93 a9 17 31 13 f4 37 fe 14 c6 df fa 09 63 43 d0 36 b7 04 dd 3b 4b 87 f7 88 de 32 04 90 77 68 7f 53 5b 47 b5 5a d3 2e 53 16 e2 83 97 e9 b7 7a 7a 7c 02 2f 09 7b dc 4f c2 49 e7 c9 d3 be a0 7a 66 8a 9a d4 ab 06 8d 81 47 6f 15 b5 85 d1 1f ea 68 5f cc 4f 35 36 ca 2b eb 60 53 52 e9 dd db c5 72 39 4a 3a 70 ca 96 40 2e f2 d2 b8 32 5a ed ce 5d 3a 6a 8d 14 87 a6 32 8e 92 ae e2 ba d5 b9 35 5f dc 31 4c f4 1f 54 01 11 ed e2 a4 ed 65 Data Ascii: "1hA(5F}:gM,j;(w^Ld4tL]CvQ6G-8ZpbmwL-gzaF^<lu`'U?tHKAq17cC6;K2whS[GZ.Szz\|/{OIzfGoh_O56+`SRr9J:p@.2Z]:j25_1LTe
2024-12-12 14:13:31 UTC	6523	IN	Data Raw: 17 68 63 72 4f 7f dc 91 d1 e4 ad 7d 81 5c 73 ea 13 66 b8 5f 36 89 62 7b 93 89 33 74 19 8e f7 2f b6 da 58 cd 99 90 32 31 0b 24 e9 28 fa da f7 9d 90 80 fb 6c 91 85 6d 51 d8 50 40 57 90 66 58 7c da bb e8 21 81 74 8e b7 11 fd ce ee f0 e9 b4 20 6c 75 82 6d 32 b2 3d 57 a4 9b 73 4f 1c 78 b0 f5 88 fc 9e 49 cb 0f 20 b4 a7 b8 1b 55 63 2c 28 21 33 e0 72 70 47 76 97 6b 3a 23 5c 60 0e 0a f0 52 0d 8b d5 82 6c f1 69 a4 ea 52 0c 5c 5d e7 d6 7c c1 ad a1 fb fd f6 10 39 d6 d0 bd 23 64 6c cd 3c 14 44 da 87 c7 e7 db 3b 87 a0 b9 15 d8 fd 28 7c 67 ee 5c b4 71 f1 be 5d fe b8 45 0a 6e ef 5d db 4f 02 cc 34 5f 0a f9 27 cc b0 05 61 7d c0 1d a8 de 73 ae bf 6f 3d 4b ae a1 90 c0 50 10 07 73 42 82 fe ae 83 23 44 f1 68 6a 1d a3 c1 66 d8 b6 7a 5c dd 5c ad 96 3b ce 41 f7 9a ce 60 ee b7 e9 Data Ascii: hcrO}\sf_6b{3t/X21$(lmQP@WfX\|!t lum2=WsOxI Uc,(!3rpGvk:#\`RliR\]\|9#dl<D;(\|g\q]En]O4_'a}so=KPsB#Dhjfz\\;A`

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:29 UTC	912	OUT	GET /favicon.ico HTTP/1.1 Host: jjfkfmnfrkrjjrrmmdk.gultiles.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/?ju=ZHRob3JuZUBpa2FzZ3JvdXAuY29t%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: B1z54a="MWNlOWU5Y2QtNWNhZS00MGIyLWFkNTktYjYxNjZlYzc4MjhmOmUxODA5MGZkLWM0ODctNDRmNi04NTk0LTVmZDNkNWViODYyNw=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2024-12-12 14:13:30 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 12 Dec 2024 14:13:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 9e733207-2239-4f29-8d00-cbd75a1e3c00 x-ms-ests-server: 2.1.19683.3 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://f9fbc1ea-1ce9e9cd.gultiles.com/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-12-12 14:13:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:32 UTC	442	OUT	OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: f9fbc1ea-1ce9e9cd.gultiles.com Connection: keep-alive Origin: https://jjfkfmnfrkrjjrrmmdk.gultiles.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:13:33 UTC	336	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 14:13:33 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding access-control-allow-headers: content-type access-control-allow-credentials: false access-control-allow-methods: , GET, OPTIONS, POST access-control-allow-origin:
2024-12-12 14:13:33 UTC	12	IN	Data Raw: 37 0d 0a 4f 50 54 49 4f 4e 53 0d 0a Data Ascii: 7OPTIONS
2024-12-12 14:13:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-12 14:13:32 UTC	661	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js HTTP/1.1 Host: 4ad2126b-1ce9e9cd.gultiles.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://jjfkfmnfrkrjjrrmmdk.gultiles.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://jjfkfmnfrkrjjrrmmdk.gultiles.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 14:13:34 UTC	813	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 14:13:34 GMT Content-Type: application/x-javascript Content-Length: 122522 Connection: close cache-control: public, max-age=31536000 last-modified: Fri, 22 Nov 2024 01:34:34 GMT etag: 0x8DD0A95D1F56318 x-ms-request-id: 3e549c5b-401e-0000-2bbe-4bb4e9000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20241212T141333Z-17964fc66b726dp2hC1DUSk6hg00000003rg00000000403k x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-12-12 14:13:34 UTC	15571	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 7b 77 e3 38 8e 38 fa ff fd 14 8e 66 6e da ee 28 2e c9 6f 2b ad ce ba 9c 54 55 b6 f3 9a 38 55 dd bb a9 4c 8e 2c d1 8e 3a b2 e4 95 e4 3c c6 f1 7e f6 1f 00 92 12 65 cb a9 aa de 3d f7 9e 7b 6e ef 6c c5 22 c1 17 08 82 00 08 82 ef 7e de f9 bf 2a 3f 57 f6 bf ff bf ca e8 7a 70 75 5d b9 f8 50 b9 fe 74 72 75 54 b9 84 af ff a8 9c 5f 5c 9f 0c 8f bf bf 1e 6c 14 ff ff fa de 4f 2a 13 3f 60 15 f8 3b 76 12 e6 55 a2 b0 12 c5 15 3f 74 a3 78 1e c5 4e ca 92 ca 0c fe 8d 7d 27 a8 4c e2 68 56 49 ef 59 65 1e 47 7f 32 37 4d 2a 81 9f a4 50 68 cc 82 e8 a9 52 85 ea 62 af 72 e9 c4 e9 4b e5 e4 b2 56 87 fa 19 d4 e6 4f fd 10 4a bb d1 fc 05 7e df a7 95 30 4a 7d 97 55 9c d0 a3 da 02 f8 08 13 56 59 84 1e 8b 2b 4f f7 be 7b 5f 39 f3 dd 38 4a a2 49 5a 89 99 Data Ascii: {w88fn(.o+TU8UL,:<~e={nl"~?Wzpu]PtruT_\lO?`;vU?txN}'LhVIYeG27M*PhRbrKVOJ~0J}UVY+O{_98JIZ
2024-12-12 14:13:34 UTC	14460	IN	Data Raw: 12 b0 c7 b7 08 7b 43 3c 80 35 07 c2 4a a6 54 3b 4a ed f6 8e a1 3b 75 86 be 10 18 7b e6 3b 55 41 d0 48 a4 e0 9d 97 b5 7d d0 12 80 03 3f e2 f1 42 b5 26 a4 ee ea 32 e4 97 fd 35 27 78 72 5e 12 6d 55 83 06 71 37 80 f1 5e cc b1 43 09 e0 c5 21 2e e3 c6 fe b8 d8 7f a5 fe 1c a2 9a 0b b4 80 02 90 7e aa fc 84 3a e5 4e 06 55 b5 d0 9c b1 87 2a 57 5e 71 c2 d0 42 36 9b e3 a5 19 ee 00 62 97 ed 39 c0 53 00 f0 22 1f 0c cb 2b ac 7d c3 e4 74 90 db 37 7c e9 20 fd d6 b4 e9 68 02 30 d1 04 20 54 7e 90 be c5 3d ec 7c c6 92 b5 72 a8 bf a3 8f 08 28 4c 47 4e fc 90 47 4c 38 f0 d7 3c df de a3 3f 16 f9 12 e2 45 90 f5 dc df d1 2f 4b c9 dd a8 cf 76 50 6c 42 4f 63 ba 3d 73 8e 37 cd 61 0f a9 7b 00 95 a7 a4 ba 42 b7 b0 c6 e3 2d ee 77 cc 8e eb 65 6e 8e 68 16 dd de 6f e1 53 86 db e8 5b 03 10 Data Ascii: {C<5JT;J;u{;UAH}?B&25'xr^mUq7^C!.~:NU*W^qB6b9S"+}t7\| h0 T~=\|r(LGNGL8<?E/KvPlBOc=s7a{B-wenhoS[
2024-12-12 14:13:34 UTC	16384	IN	Data Raw: 1d 02 d3 3c d4 c7 69 f8 bb e8 3e 44 ea 65 60 64 f4 61 44 df 67 43 d2 85 6c 8f c7 48 19 7c 11 f7 90 03 55 2a 93 34 cb f8 84 d9 8d c6 b8 5e e4 eb 59 50 5f 18 5c c9 a4 ab 81 ff 4a 4d f9 dd 3e ca 43 e3 7b 23 ab b4 63 1b b1 1d db 8c 62 fc 41 c6 f7 22 8f d0 2b 2b 9c a2 de 71 d7 48 e9 da 8f 01 ea 78 c9 af c6 3e 79 e1 38 ae 44 a1 73 6f fd 9e 7f 89 14 30 de 47 0b 6f 16 17 df c2 1c 7c 69 e2 88 fa af c3 82 d5 c0 35 bb 1f 4e 9b 25 e2 97 18 19 f7 57 ff 23 14 81 14 1b c6 41 58 99 13 08 41 20 7c c5 1a 90 51 db 48 29 70 2c ed e3 d4 c6 13 76 25 56 c7 44 54 68 a3 02 41 0e e9 41 41 e4 20 99 f8 c1 08 cd cb 25 a9 46 d1 bc 81 1d 10 5d 11 12 e1 d3 21 12 fc 1d d9 8b b5 95 6a 2f 72 77 6d 6b 93 00 8f 76 18 0b 6c 17 a8 21 25 23 70 8f 84 ff a6 da 6c ef c1 6a 9f f7 f0 01 03 03 3e d7 Data Ascii: <i>De`daDgClH\|U*4^YP_\JM>C{#cbA"++qHx>y8Dso0Go\|i5N%W#AXA \|QH)p,v%VDThAAA %F]!j/rwmkvl!%#plj>
2024-12-12 14:13:34 UTC	16384	IN	Data Raw: e4 7b 40 0a c1 42 cf 3f e2 f8 70 33 9a 5f fb d5 ac fb ac ba e0 0c db d5 f7 ef a3 31 bf 7b 5f 53 cf 31 1c 90 db a3 11 67 38 ac c9 c0 00 34 e8 f9 ca 79 8e ed b1 d0 92 4a d9 c0 dd d2 6b 5a 0d 7c 37 1d 4d 58 18 24 87 cc ce c8 32 69 7e c5 bf ad d7 43 da e9 fb bc ed 07 9f e2 fc 1a 83 91 1d a7 6a 88 7f b6 c7 05 ae 25 98 9f 1b 3e 1f e4 24 d8 39 f8 88 d0 43 f3 d6 6e cd 58 88 2f 47 da fc 9d b3 f4 ec 02 70 af 61 1b f8 e5 91 dd 5c ba 1d 8a b7 87 f6 db 3a 03 50 ce b8 63 e5 d3 07 66 51 d2 b5 dd 88 09 19 45 f0 bc d8 75 e4 e9 d5 d5 48 ec a5 37 38 37 bb 59 b6 8b 44 30 e7 7c 6d cf b2 c5 7c 52 86 37 76 86 69 f2 75 12 8d cb c3 31 ac 19 4e 6b 4f 1c db 6b 69 40 f6 80 f6 5a 3a b4 47 1d 37 2c cc fd 2e db 99 cb 11 d1 6d a1 56 e8 ba d5 95 6b a8 f0 90 67 07 52 7d ce 9b 1a 6f 60 42 Data Ascii: {@B?p3_1{_S1g84yJkZ\|7MX$2i~Cj%>$9CnX/Gpa\:PcfQEuH787YD0\|m\|R7viu1NkOki@Z:G7,.mVkgR}o`B
2024-12-12 14:13:34 UTC	16384	IN	Data Raw: 08 a9 a8 15 21 4e c4 15 fc ad 47 20 a2 66 bc 37 de 33 e2 05 5b 30 1d 05 9a 67 8f b1 1e 4d bf 41 3f 66 3e d0 47 c1 96 8b a3 17 bc b1 fe 6e b5 4a 79 2d 20 eb 04 f4 37 c9 34 36 9e 34 b6 eb 6e a7 d7 44 2d d9 22 a7 6e 2a 07 26 b5 94 13 88 7c 3f f3 16 41 a3 a2 c8 16 4d b3 6a 21 28 fa 08 09 18 69 74 9a a4 70 4a 5d 09 f0 24 7b fa 34 53 04 54 8b 8b 10 0d 06 6e b6 54 b3 a8 d5 27 31 bb d0 fa d9 c3 43 c4 27 8e 7c 19 7a 06 69 2b cc 0a ba 20 ec b4 b5 fa bf 2c 3b c2 b7 a9 bb 01 8c 08 34 eb 14 2c 67 1e 7b c8 66 ee f4 cf 08 96 dd 15 75 54 a3 c0 db 19 0a e1 de f6 e8 81 27 e4 e3 e2 a9 4c a5 a6 53 09 82 d6 bf d6 73 c5 4f 42 22 a4 29 27 83 55 12 23 fc 93 a7 d1 1d d4 0f ab ec d2 67 df c5 82 81 2d 32 11 7d 4d fd 11 57 a4 25 97 cb 64 3c 8e d3 47 1c 58 54 43 ff 94 07 8b cd 16 75 Data Ascii: !NG f73[0gMA?f>GnJy- 7464nD-"n*&\|?AMj!(itpJ]${4STnT'1C'\|zi+ ,;4,g{fuT'LSsOB")'U#g-2}MW%d<GXTCu
2024-12-12 14:13:34 UTC	16384	IN	Data Raw: e9 3c 5b ea f6 99 99 4a 0a d8 6e f7 f9 6c be a9 e5 d1 7b a1 0e 8e ee 51 f3 2b 16 7e 4f e1 65 56 95 56 ba a5 21 d5 1d 59 1b 22 41 fb ca 5e 8d 2c 9a d9 95 1d 6e b4 ff dd e4 7d 7d e9 db a1 bc aa 83 47 85 aa 98 d6 b2 6d b2 b9 69 93 6b e7 93 03 dd 6a 72 5f 5e 76 b7 a6 13 5a df ed ef 7f b7 bc 87 ee aa ff 70 ba f6 8e b4 5e 98 84 86 d7 64 43 1c 59 e7 74 bc e1 5f 93 07 9d 9b b5 cf 67 50 00 98 10 cd 21 f7 63 94 24 5b f7 07 7a ab 72 4c 35 9f 4e ac c1 39 04 3a 6c a1 81 f5 ef d9 32 4b 62 bf 2f e4 68 78 7d 9a c5 85 f5 7f ad a7 e3 c6 bc 1a 59 ff 33 f9 81 02 e0 5e 9f 1e 9f 9f b6 e2 49 ad ff 2b d5 6d 20 58 3c 31 d2 01 48 fa e6 53 f0 9b 9f 95 c6 74 81 d6 9e 8f eb 53 4a cb 3b 87 3a 17 ee 7c 68 0a d0 0d a6 b4 6b 86 37 c7 d5 13 15 99 a4 f4 5b 3d 1e ca 6d 7c 26 ef 9d 61 6d 68 Data Ascii: <[Jnl{Q+~OeVV!Y"A^,n}}Gmikjr_^vZp^dCYt_gP!c$[zrL5N9:l2Kb/hx}Y3^I+m X<1HStSJ;:\|hk7[=m\|&amh
2024-12-12 14:13:34 UTC	2737	IN	Data Raw: 2a b2 02 e8 f4 ce 04 e5 b6 97 7d 70 56 08 18 f6 14 06 b9 ac 34 5e d6 39 59 60 52 20 10 74 9a ba 95 5e ac 01 f9 21 d1 02 1a 5d ac ba c9 7b 09 69 7d 93 57 07 5c 54 ea 34 ec 50 8e 17 da 2f 3e a6 d0 c6 37 a8 cf 2a 49 e1 19 1c ff ee 89 b1 0e 09 96 6d 4d ef fb 67 3f fe a0 5e d7 be f5 7b 7a 33 12 44 00 c4 a4 30 61 f2 13 36 6f 4c c4 30 90 9d 92 3e 2b 57 be 14 f7 06 f5 8f c1 e1 00 f0 d5 bf 47 eb 1d e9 e0 e2 ba 27 25 c2 ea ad 4f 6a 5b 7f bc a7 c3 aa a9 ad 35 de be ce 53 47 47 d9 5c b2 57 47 f5 f8 ee af 77 79 1f f0 94 f3 76 97 4d 07 a6 72 2d 2a 0f 67 eb a2 66 bd c7 65 76 e9 ee 72 6d 30 e0 d6 37 fd 94 08 3e 69 19 c4 83 1e 23 99 2e 72 e8 c4 2c a9 5a 4f ea 43 a8 83 cd f6 d8 45 5d a4 bf 81 13 63 d8 ae d9 cb fd e5 1f b4 dd 9c a6 8e 4a 2c ba 7c ff 70 38 ea af 5c 88 6b e0 Data Ascii: }pV4^9Y`R t^!]{i}W\T4P/>7ImMg?^{z3D0a6oL0>+WG'%Oj[5SGG\WGwyvMr-*gfevrm07>i#.r,ZOCE]cJ,\|p8\k
2024-12-12 14:13:34 UTC	16384	IN	Data Raw: af 2b 2b b4 f2 f5 0f 75 dd de 56 df d7 9b b5 2b 5a be 7e 79 8d 87 ed af dd c0 3f 40 aa 7d 49 e6 ce 17 28 16 8d 7f f8 2f f1 f8 27 10 8f f3 7a b1 5a 42 61 27 62 73 53 bb 3b 11 a7 9b 1a 6f aa 3c 6d 15 b8 a9 ba 7e cd 8c fc 4e 82 ea b6 22 44 6f a4 2d f7 da 88 c6 fe e2 b1 ff 39 3c 96 ae 7e 5f c8 9f be 7b d0 70 d6 eb 7c c5 bb e2 ba 73 d5 eb c1 ec f4 2f 96 7b 53 96 ab a7 ee a7 d3 7e c6 db f9 f6 97 4d 71 0b 9b e2 f7 d1 e8 6f 13 44 71 4b 16 be 39 ac b0 fb e9 4f ca d5 75 43 4f 57 a9 62 53 73 4f 3f 89 44 be bc 9d c4 6d b8 3b d4 83 19 56 e2 01 9b b1 f9 bb 9f 75 3e 8d b6 3f f9 f3 72 fc 9a d7 73 0d c4 01 57 50 1c bc 6e c0 f8 cc 12 80 b2 72 ac 8e fc 7e 9d b1 a3 1d 77 b1 b1 d8 ef be fb f0 25 20 ce 93 33 ba f3 a9 a8 d8 79 56 9c 5e 76 d1 e5 d3 6d 2b 6a e4 40 74 5a f9 0f d9 Data Ascii: ++uV+Z~y?@}I(/'zZBa'bsS;o<m~N"Do-9<~_{p\|s/{S~MqoDqK9OuCOWbSsO?Dm;Vu>?rsWPnr~w% 3yV^vm+j@tZ
2024-12-12 14:13:34 UTC	7834	IN	Data Raw: 5e f2 e5 c2 17 6c cb 79 11 7c 36 9e 31 68 07 af 13 c2 b7 ac 57 51 0a 64 8d 66 24 86 ce 81 e7 a2 13 22 63 70 c7 a1 37 8f 82 30 e5 bc a6 6d 9c f2 85 aa f7 36 30 96 39 1a 18 3c 2f d3 51 c6 81 25 c2 c0 70 db c6 0b 81 50 7c c4 38 29 8e af 2c a4 84 83 3b 0f 3e 37 de b1 69 c1 84 74 c4 70 18 c7 e4 d6 78 23 c8 e5 58 b8 a0 5c c4 b0 39 50 ef 2d 25 b3 6b 28 4d 63 dc 81 81 62 39 ed bc 56 e0 f4 2a f8 44 85 43 bd f1 b3 ec a8 b0 a2 5c f9 67 eb 20 37 a0 ff b0 82 00 59 c6 83 2f 98 0f 58 be 6f 00 e8 e4 76 61 bc e4 eb 45 ae 67 87 a1 87 80 46 03 0e 20 08 ae d0 67 e3 17 d9 e1 2f d4 c1 11 20 45 f2 6d 0d a6 9a 46 6e 34 33 be 51 c6 fa fc c5 d9 09 88 58 97 31 e7 a6 3f 22 f8 7e 37 7e a3 93 2f 77 c6 3f 84 ad ee 77 8a 67 ca 3f 89 5f 7f 67 ef fe c9 fe fd 17 9d 04 9d 28 03 2b a6 97 32 Data Ascii: ^ly\|61hWQdf$"cp70m609</Q%pP\|8),;>7itpx#X\9P-%k(Mcb9V*DC\g 7Y/XovaEgF g/ EmFn43QX1?"~7~/w?wg?_g(+2